PyPI package
nanopb
pkg:pypi/nanopb
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-21401 | Hig | 7.1 | >= 0.3.2, < 0.3.9.8 | 0.3.9.8 | Mar 23, 2021 | Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly conta | |
| CVE-2020-26243 | Hig | 7.5 | >= 0.3.2, < 0.3.9.7 | 0.3.9.7 | Nov 25, 2020 | Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the m |
- affected >= 0.3.2, < 0.3.9.8fixed 0.3.9.8
Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly conta
- affected >= 0.3.2, < 0.3.9.7fixed 0.3.9.7
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the m