CVE-2021-21401

Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free() or realloc() calls if the message type contains an oneof field, and the oneof directly contains both a pointer field an...