GitHub_MCVELIST:CVE-2020-5235CVE-2020-5235 Out-of-memory condition in Nanopb is potentially exploitable
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
9.3 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.8%
There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can end up calling free() on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4.
CNA Affected
[
{
"product": "Nanopb",
"vendor": "nanopb",
"versions": [
{
"status": "affected",
"version": "< 0.2.9.4"
},
{
"status": "affected",
"version": ">= 0.3.0, < 0.3.9.5"
},
{
"status": "affected",
"version": ">= 0.4.0, < 0.4.1"
}
]
}
]Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
9.3 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.8%