CVE-2020-26243

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-26243

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26243.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-26243

Aliases

GHSA-85rr-4rh9-hhwh

Related

Published

2020-11-25T17:15:12Z

Modified

2025-01-08T10:29:49.933413Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option no_unions for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to FT_POINTER. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards.

References

Affected packages

Debian:11 / nanopb

Package

Name: nanopb
Purl: pkg:deb/debian/nanopb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nanopb

Package

Name: nanopb
Purl: pkg:deb/debian/nanopb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nanopb

Package

Name: nanopb
Purl: pkg:deb/debian/nanopb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/nanopb/nanopb

Affected ranges

Type: GIT
Repo: https://github.com/nanopb/nanopb
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4fe23595732b6f1254cfc11a9b8d6da900b55b0c

Fixed

4fe23595732b6f1254cfc11a9b8d6da900b55b0c

Affected versions

0.*

0.3.6

0.3.7

0.3.8

0.3.9

0.3.9.1

0.3.9.2

0.3.9.3

0.3.9.4

0.3.9.5

0.3.9.6

nanopb-0.*

nanopb-0.1.0

nanopb-0.1.1

nanopb-0.1.2

nanopb-0.1.3

nanopb-0.1.4

nanopb-0.1.5

nanopb-0.1.6

nanopb-0.1.7

nanopb-0.1.8

nanopb-0.1.9

nanopb-0.2.0

nanopb-0.2.1

nanopb-0.2.2

nanopb-0.2.3

nanopb-0.2.4

nanopb-0.2.5

nanopb-0.2.6

nanopb-0.2.7

nanopb-0.2.8

nanopb-0.2.9

nanopb-0.3.0

nanopb-0.3.1

nanopb-0.3.2

nanopb-0.3.3

nanopb-0.3.4

nanopb-0.3.5

nanopb-0.3.6

nanopb-0.3.7

nanopb-0.3.8

nanopb-0.3.9

nanopb-0.3.9.1

nanopb-0.3.9.2

nanopb-0.3.9.3

nanopb-0.3.9.4

nanopb-0.3.9.5

nanopb-0.3.9.6