Memory leak in nanopb

Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

输入验证不恰当

Nanopb 缓冲区错误漏洞

Nanopb是Nanopb个人开发者的一个适用于微处理器的协议缓冲区实现。 Nanopb 0.4.4版本和0.3.9.7之前版本存在缓冲区错误漏洞，该漏洞源于如果启用了动态分配，且其中一个字段包含包含动态字段的静态子消息，且被解码的消息多次包含该子消息，则特定格式的解码消息可能会泄漏内存。

N/A

N/A