Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-of-memory condition in Nanopb is potentially exploitable
Vulnerability Description
There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
跨界内存读
Vulnerability Title
Nanopb 缓冲区错误漏洞
Vulnerability Description
Nanopb是Nanopb个人开发者的一个适用于微处理器的协议缓冲区实现。 Nanopb 0.4.1之前版本、0.3.9.5之前版本和0.2.9.4之前版本中存在缓冲区错误漏洞。攻击者可借助特制的文件利用该漏洞造成应用程序崩溃。
CVSS Information
N/A
Vulnerability Type
N/A