Lucene search

[email protected]CVE-2020-5235

HistoryFeb 04, 2020 - 3:15 a.m.

CVE-2020-5235

2020-02-0403:15:10

CWE-125

[email protected]

web.nvd.nist.gov

nanopb

cve

exploitable

out of memory

memory corruption

security

update

vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can end up calling free() on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4.

Affected configurations

Vulners

NVD

Node

nanopbnanopbRange<0.2.9.4

nanopbnanopbRange0.3.0–0.3.9.5

nanopbnanopbRange0.4.0–0.4.1

CPENameOperatorVersion
nanopb_project:nanopbnanopb project nanopblt0.2.9.4
nanopb_project:nanopbnanopb project nanopblt0.3.9.5
nanopb_project:nanopbnanopb project nanopblt0.4.1

CPE	Name	Operator	Version
nanopb_project:nanopb	nanopb project nanopb	lt	0.2.9.4
nanopb_project:nanopb	nanopb project nanopb	lt	0.3.9.5
nanopb_project:nanopb	nanopb project nanopb	lt	0.4.1

CNA Affected

[
  {
    "product": "Nanopb",
    "vendor": "nanopb",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.2.9.4"
      },
      {
        "status": "affected",
        "version": ">= 0.3.0, < 0.3.9.5"
      },
      {
        "status": "affected",
        "version": ">= 0.4.0, < 0.4.1"
      }
    ]
  }
]

References

github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856

github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3

github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2

github.com/nanopb/nanopb/security/advisories/GHSA-gcx3-7m76-287p

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for CVE-2020-5235

prion1 osv1 nvd1 debiancve1 ibm1 veracode1 cvelist1