VDB

CVE-2024-53984

CVE-2024-53984 PUBLISHED CVSS 4.300000190734863 MEDIUM

Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1.

EPSS 0.10% · 27.6th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.10%
27.6th percentile

Affected Products

VendorProductVersions
nanopbnanopb*

Exploit Intelligence

Timeline

  • Jan 21, 1970 Security Advisory
  • Dec 2, 2024 CVE Published
  • Dec 3, 2024 EPSS Score
  • Dec 20, 2024 EPSS Score
  • Jan 6, 2025 EPSS Score
  • Jan 23, 2025 EPSS Score
  • Feb 9, 2025 EPSS Score
  • Feb 25, 2025 Coalition ESS Score
  • Feb 26, 2025 EPSS Score
  • Mar 15, 2025 EPSS Score
  • Apr 1, 2025 EPSS Score
  • Apr 18, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›