UBUNTU-CVE-2020-26243

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-26243

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-26243.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-26243

Related

Published

2020-11-25T17:15:00Z

Modified

2025-01-13T10:22:17Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option no_unions for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to FT_POINTER. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards.

References

Affected packages

Ubuntu:20.04:LTS / nanopb

Package

Name: nanopb
Purl: pkg:deb/ubuntu/nanopb@0.4.1-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / nanopb

Package

Name: nanopb
Purl: pkg:deb/ubuntu/nanopb@0.4.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.1-1ubuntu0.1~esm1

Affected versions

0.*

0.4.1-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.4.1-1ubuntu0.1~esm1",
            "binary_name": "libnanopb-dev"
        },
        {
            "binary_version": "0.4.1-1ubuntu0.1~esm1",
            "binary_name": "nanopb"
        }
    ]
}