CVE-2014-125106
- EPSS 0.09%
- Veröffentlicht 17.06.2023 22:15:09
- Zuletzt bearbeitet 17.12.2024 16:15:19
Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.
CVE-2021-21401
- EPSS 0.2%
- Veröffentlicht 23.03.2021 18:15:13
- Zuletzt bearbeitet 21.11.2024 05:48:16
Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, ...
CVE-2020-26243
- EPSS 0.11%
- Veröffentlicht 25.11.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:19:38
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that conta...
CVE-2020-5235
- EPSS 0.56%
- Veröffentlicht 04.02.2020 03:15:10
- Zuletzt bearbeitet 21.11.2024 05:33:44
There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs ou...