This one is easy enough, missing a bounds check when handling nested messages allowed for sending a message with a bunch of nested messages that would be parsed and written out of bounds on a fixed size buffer.