Medium severity 4.3 · OSV Advisory · Published Dec 2, 2024 · Updated Apr 15, 2026
CVE-2024-53984
Description
Nanopb is a small code-size Protocol Buffers implementation. When the compile-time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with the FT_POINTER field type, a custom stream callback is used with unknown stream length, and the pb_decode_ex() function is used with the flag PB_DECODE_DELIMITED, then pb_decode_ex() does not automatically call pb_release() on failure, as it does in other failure cases. This can lead to a memory leak and potential denial of service. This vulnerability is fixed in 0.4.9.1.
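The failure mode in the description, reduced to a self-contained C model (an added example, not nanopb code and not part of the advisory): a decoder allocates a pointer field, the stream ends early, and the error path returns without releasing it. Every `toy_*` name and the sample bytes are constructed for illustration; `toy_release()` stands in for the role pb_release() plays.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not nanopb code: every toy_* name is hypothetical. */
static int live_allocs = 0;                      /* outstanding heap blocks */
static void *toy_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void toy_free(void *p) { if (p) { free(p); live_allocs--; } }

/* Callback-style stream: its total length is unknown until a read fails. */
typedef struct { const uint8_t *data; size_t left; } toy_stream;
static bool toy_read(toy_stream *s, uint8_t *out, size_t n) {
    if (n > s->left) return false;               /* source ran dry */
    memcpy(out, s->data, n); s->data += n; s->left -= n;
    return true;
}

/* Message with one heap-backed field, standing in for an FT_POINTER field. */
typedef struct { uint8_t *name; } toy_msg;
static void toy_release(toy_msg *m) { toy_free(m->name); m->name = NULL; }

/* Models the flawed path: allocate from the declared length, fail, return. */
static bool toy_decode_delimited(toy_stream *s, toy_msg *m) {
    uint8_t len;
    m->name = NULL;
    if (!toy_read(s, &len, 1)) return false;
    m->name = toy_alloc(len ? len : 1);
    if (!m->name) return false;
    return toy_read(s, m->name, len);            /* false leaves m->name allocated */
}

/* Caller-side mitigation: release the message whenever decoding fails. */
static bool toy_decode_checked(toy_stream *s, toy_msg *m) {
    bool ok = toy_decode_delimited(s, m);
    if (!ok) toy_release(m);
    return ok;
}

/* Constructed input: declares 8 payload bytes but carries only 3. */
static const uint8_t truncated[] = { 0x08, 'a', 'b', 'c' };

/* Returns how many blocks are still allocated after the failed decode. */
int leaked_after(bool use_checked) {
    toy_stream s = { truncated, sizeof truncated };
    toy_msg m;
    live_allocs = 0;
    if (use_checked) toy_decode_checked(&s, &m); else toy_decode_delimited(&s, &m);
    int leaked = live_allocs;
    toy_release(&m);                             /* tidy up the model itself */
    return leaked;
}
```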
Affected products (4)
- osv-coords (2 versions): pkg:rpm/opensuse/nanopb&distro=openSUSE%20Leap%2015.6, pkg:rpm/suse/nanopb&distro=SUSE%20Package%20Hub%2015%20SP6; range: < 0.4.6-bp156.4.3.1 (+ 1 more)
- (no CPE) range: < 0.4.6-bp156.4.3.1
- (no CPE) range: < 0.4.6-bp156.4.3.1