Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nanopb does not release memory on error return when using PB_DECODE_DELIMITED
Vulnerability Description
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
在移除最后引用时对内存的释放不恰当(内存泄露)
Vulnerability Title
Nanopb 安全漏洞
Vulnerability Description
Nanopb是Nanopb个人开发者的一个适用于微处理器的协议缓冲区实现。 Nanopb 0.4.0至0.4.9版本存在安全漏洞,该漏洞源于在特定条件下pb_decode_ex函数未自动调用pb_release,可能导致内存泄漏和潜在的拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A