UBUNTU-CVE-2024-53984
- Source
- https://ubuntu.com/security/CVE-2024-53984
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-53984.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-53984
- Related
- Published
- 2024-12-02T16:15:00Z
- Modified
- 2025-01-13T10:26:50Z
- Summary
- [none]
- Details
-
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PBENABLEMALLOC is enabled, the message contains at least one field with FTPOINTER field type, custom stream callback is used with unknown stream length. and the pbdecodeex() function is used with flag PBDECODEDELIMITED, then the pbdecodeex() function does not automatically call pbrelease(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1.
- References
Affected packages
Ubuntu:20.04:LTS / nanopb
Package
- Name
- nanopb
- Purl
- pkg:deb/ubuntu/nanopb@0.4.1-1?arch=source&distro=focal
Ubuntu:22.04:LTS / nanopb
Package
- Name
- nanopb
- Purl
- pkg:deb/ubuntu/nanopb@0.4.5-2?arch=source&distro=jammy
Ubuntu:24.10 / nanopb
Package
- Name
- nanopb
- Purl
- pkg:deb/ubuntu/nanopb@0.4.8-2?arch=source&distro=oracular