There is a potentially exploitable out-of-memory condition in Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field, and realloc() runs out of memory while expanding the array, nanopb can end up calling free() on a pointer value that comes from uninitialized memory. Depending on the platform, this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, and nanopb-0.2.9.4.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-5235.json"
[
{
"target": {
"file": "pb_decode.c"
},
"digest": {
"line_hashes": [
"28180582548366321054064859592678936499",
"173130919475097003140702953372688074728",
"110934570171770968869145982918882243485",
"98635544888241784543358525741201591600",
"253840358417371228185192742968541973977",
"262069779449910844287220592185549273856",
"339621988144188041086437483593633316235"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2020-5235-0abdd2bb",
"source": "https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2",
"deprecated": false,
"signature_version": "v1"
},
{
"target": {
"file": "pb_decode.c",
"function": "decode_pointer_field"
},
"digest": {
"length": 2230.0,
"function_hash": "228901543440384795897718486285849338511"
},
"signature_type": "Function",
"id": "CVE-2020-5235-311edd17",
"source": "https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3",
"deprecated": false,
"signature_version": "v1"
},
{
"target": {
"file": "pb_decode.c",
"function": "decode_pointer_field"
},
"digest": {
"length": 2700.0,
"function_hash": "243854632971909049111477995652417044673"
},
"signature_type": "Function",
"id": "CVE-2020-5235-677be4d7",
"source": "https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856",
"deprecated": false,
"signature_version": "v1"
},
{
"target": {
"file": "pb_decode.c",
"function": "decode_pointer_field"
},
"digest": {
"length": 2620.0,
"function_hash": "51163353477471131601889108384589894058"
},
"signature_type": "Function",
"id": "CVE-2020-5235-92c06ba9",
"source": "https://github.com/nanopb/nanopb/commit/accfbbbd6840dd796efe835a0bf4f89a0835c238",
"deprecated": false,
"signature_version": "v1"
},
{
"target": {
"file": "pb_decode.c"
},
"digest": {
"line_hashes": [
"165477520322638297651095831014103691890",
"110063504908703080620243362214468348999",
"322178983387047726090044168406985402334",
"227065484611923932531602001446345241513",
"231698434224719956075280466262717063938",
"54773041683124643386717824113635098148",
"164282937809346907653434918213913547083"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2020-5235-c3626fcc",
"source": "https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3",
"deprecated": false,
"signature_version": "v1"
},
{
"target": {
"file": "pb_decode.c"
},
"digest": {
"line_hashes": [
"140501944511697788913147936514983928461",
"36011667060077717794993412362000842087",
"220346423082981201819645974796037069439",
"287159839779562948190501274889884835927",
"117717705754731843475203082739271595433",
"216442497325668713690188347272576550889",
"148659607506413678697427110413022742351"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2020-5235-d73d6325",
"source": "https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856",
"deprecated": false,
"signature_version": "v1"
},
{
"target": {
"file": "pb_decode.c",
"function": "decode_pointer_field"
},
"digest": {
"length": 2605.0,
"function_hash": "120855412272600406950953084377941096669"
},
"signature_type": "Function",
"id": "CVE-2020-5235-e62333c7",
"source": "https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2",
"deprecated": false,
"signature_version": "v1"
},
{
"target": {
"file": "pb_decode.c"
},
"digest": {
"line_hashes": [
"29869461179647861645657258091060443398",
"317694239944793773870924798507162710887",
"49883338759718210682233669510260105190",
"242294418415078276896985376322876712433",
"248310906136189448363926434074387488736",
"189740374876297406603777706333799033639",
"284442690694329733041268985325718674108",
"272626893910288436126163698675507604179",
"140010920080526551190981282851808777125",
"205917222463279468895442749076929447210",
"238709944891962448764753428586427220195",
"40882507757585628442126697972175740906",
"154718344813447301376129680377363645006",
"227126689996412852170158545407149072831",
"232856927769251022008376048706775725461",
"214916837446439956495702621056286272733",
"18748092267982132517460438577633511006",
"223673773813635383764777398979808598331"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2020-5235-e82b70d6",
"source": "https://github.com/nanopb/nanopb/commit/accfbbbd6840dd796efe835a0bf4f89a0835c238",
"deprecated": false,
"signature_version": "v1"
}
]