VYPR

Nanopb

by Nanopb

pypi: nanopb

Source repositories

CVEs (6)

  • CVE-2014-125106CriJun 17, 2023
    risk 0.57cvss 9.8epss 0.01

    Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.

  • CVE-2022-20203HigJun 15, 2022
    risk 0.51cvss 7.8epss 0.00

    In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2020-26243HigNov 25, 2020
    risk 0.42cvss 7.5epss 0.03

    Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the…

  • CVE-2021-21401HigMar 23, 2021
    risk 0.39cvss 7.1epss 0.02

    Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly…

  • CVE-2024-53984MedDec 2, 2024
    risk 0.21cvss 4.3epss 0.00

    Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function…

  • CVE-2020-5235MedFeb 4, 2020
    risk 0.00cvss 6.5epss 0.02

    There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding…