Description

Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1.

INFO

Published Date :

2024-12-02T15:54:47.478Z

Last Modified :

2024-12-02T21:40:02.909Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53984 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53984.

URL Resource
https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378 cve-icon cve-icon
https://github.com/nanopb/nanopb/security/advisories/GHSA-xwqq-qxmw-hj5r cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact