CVE-2021-21401
Summary
| CVE | CVE-2021-21401 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-23 18:15:00 UTC |
| Updated | 2021-03-29 14:50:00 UTC |
| Description | Nanopb is a small code-size Protocol Buffers implementation in ANSI C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains a `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed. This has been fixed in versions 0.3.9.8 and 0.4.5. See referenced GitHub Security Advisory for more information including workarounds. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| nanopb/CHANGELOG.txt at c9124132a604047d0ef97a09c0e99cd9bed2c818 · nanopb/nanopb · GitHub | MISC | github.com | |
| Ill-formed oneof message leads to calling free on an arbitrary pointer · Issue #647 · nanopb/nanopb · GitHub | MISC | github.com | |
| Invalid free() call with oneofs and PB_ENABLE_MALLOC · Advisory · nanopb/nanopb · GitHub | CONFIRM | github.com | |
| Fix invalid free() with oneof (#647) · nanopb/nanopb@e2f0ccf · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179476 Debian Security Update for nanopb (CVE-2021-21401)
- 199489 Ubuntu Security Notification for Nanopb Vulnerabilities (USN-6121-1)