Lucene search

K

Nanopb Security Vulnerabilities

cve
cve

CVE-2014-125106

Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and...

9.8CVSS

9.4AI Score

0.001EPSS

2023-06-17 10:15 PM
10
cve
cve

CVE-2021-21401

Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free() or realloc() calls if the message type contains an oneof field, and the oneof directly contains both a pointer field...

7.1CVSS

6.8AI Score

0.002EPSS

2021-03-23 06:15 PM
85
2
cve
cve

CVE-2020-26243

Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being...

7.5CVSS

7.3AI Score

0.003EPSS

2020-11-25 05:15 PM
166
cve
cve

CVE-2020-5235

There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can.....

9.8CVSS

9.1AI Score

0.003EPSS

2020-02-04 03:15 AM
58