VYPR

rpm package

opensuse/nanopb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/nanopb&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2021-21401HigMar 23, 2021
    affected < 0.4.5-1.3fixed 0.4.5-1.3

    Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly conta

  • CVE-2020-26243HigNov 25, 2020
    affected < 0.4.5-1.3fixed 0.4.5-1.3

    Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the m

  • CVE-2020-5235MedFeb 4, 2020
    affected < 0.4.5-1.3fixed 0.4.5-1.3

    There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the