CVE-2024-53984 – Nanopb Protocol Buffers Denial-of-Service Memory Leak

12月 2, 2024
5:16 pm

CVE ID : CVE-2024-53984

Published : Dec. 2, 2024, 4:15 p.m. | 1 hour ago

Description : Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-53984 – Nanopb Protocol Buffers Denial-of-Service Memory Leak

Elvescore.io

Recent Posts

CVE-2024-12945 – Simple Car Rental System SQL Injection

CVE-2024-12946 – “1000 Projects Attendance Tracking Management System SQL Injection Vulnerability”

CVE-2023-7300 – Huawei Home Music System Path Traversal Vulnerability

CVE-2024-12943 – “CodeAstro House Rental Management System SQL Injection Vulnerability”

CVE-2024-12944 – CodeAstro House Rental Management System SQL Injection

CVE-2024-56433 – “Shadow Utilities Default Subuid Conflict Vulnerability”

CVE-2024-53984 – Nanopb Protocol Buffers Denial-of-Service Memory Leak

CVE-2024-53984 – Nanopb Protocol Buffers Denial-of-Service Memory Leak