CVE-2021-21401

EUVD-2021-0139
Nanopb is a small code-size Protocol Buffers implementation in ANSI C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specially crafted message can cause invalid `free()` or `realloc()` calls if the message type contains a `oneof` field and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it were a pointer value when the decoder switches to the pointer field. Such message data rarely occurs in normal messages (a conforming encoder emits at most one member of a `oneof`), but it is a concern when untrusted data is parsed, since the decoder then passes attacker-chosen bytes to `free()`/`realloc()` and the result is heap corruption or a crash. Pointer fields in nanopb exist only in builds with `PB_ENABLE_MALLOC`, so generated message types without malloc-backed pointer fields are not exposed. This has been fixed in versions 0.3.9.8 and 0.4.5. See the referenced GitHub Security Advisory for more information, including workarounds.
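The following is an added illustration of the bug class described above, not nanopb's own code: a tiny decoder for a constructed two-field wire format (tag byte, then payload) whose message has a `oneof` with an inline `int32` arm and a heap-allocated string arm. `stale_pointer_bits()` shows what a decoder that reads the union bytes as a pointer without consulting the discriminator would hand to `free()`/`realloc()` after the non-pointer arm was decoded, and `release_union()`/`decode_msg()` show the fixed approach: release only when the previous arm really was the pointer arm, then zero the union before switching. The format, names and sample bytes are all assumptions made for this example.

```c
/* Added example, not nanopb code. Toy wire format (constructed here):
 *   0x01 <4 bytes little-endian int32>  -> oneof arm "num"  (inline, non-pointer)
 *   0x02 <1 byte len> <len bytes>        -> oneof arm "text" (heap pointer)
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { TAG_NONE = 0, TAG_NUM = 1, TAG_TEXT = 2 };

typedef struct {
    uint8_t which;       /* discriminator: which arm of the oneof holds data */
    union {
        int32_t num;     /* non-pointer field, stored inline in the union   */
        char *text;      /* pointer field, allocated by the decoder          */
    } u;
} Msg;

/* The buggy pattern: after the inline arm was decoded, a decoder that looks
 * at the raw union bytes as a pointer (without checking `which`) would pass
 * this value to free()/realloc(). It is the integer, not a heap address.
 * The value is only inspected here, never dereferenced or freed. */
static uintptr_t stale_pointer_bits(int32_t num_value) {
    Msg m;
    memset(&m, 0, sizeof m);
    m.which = TAG_NUM;
    m.u.num = num_value;
    return (uintptr_t)m.u.text;
}

/* Fixed pattern: release the previous arm only if it was the pointer arm,
 * then zero the whole union so no stale bytes survive the switch. */
static void release_union(Msg *m) {
    if (m->which == TAG_TEXT) {
        free(m->u.text);
    }
    memset(&m->u, 0, sizeof m->u);
    m->which = TAG_NONE;
}

/* Decodes buf into m. Returns the number of fields decoded, -1 if malformed. */
static int decode_msg(Msg *m, const uint8_t *buf, size_t len) {
    size_t i = 0;
    int fields = 0;
    while (i < len) {
        uint8_t tag = buf[i++];
        if (tag == TAG_NUM) {
            if (len - i < 4) return -1;
            if (m->which != TAG_NUM) release_union(m);
            m->u.num = (int32_t)((uint32_t)buf[i] | (uint32_t)buf[i + 1] << 8 |
                                 (uint32_t)buf[i + 2] << 16 | (uint32_t)buf[i + 3] << 24);
            m->which = TAG_NUM;
            i += 4;
        } else if (tag == TAG_TEXT) {
            if (len - i < 1) return -1;
            size_t n = buf[i++];
            if (len - i < n) return -1;
            if (m->which != TAG_TEXT) release_union(m);
            /* Safe: u.text is either NULL (just zeroed) or a live allocation. */
            char *p = realloc(m->u.text, n + 1);
            if (!p) return -1;
            memcpy(p, buf + i, n);
            p[n] = '\0';
            m->u.text = p;
            m->which = TAG_TEXT;
            i += n;
        } else {
            return -1;
        }
        fields++;
    }
    return fields;
}

/* The advisory's trigger shape: non-pointer arm first, then pointer arm.
 * Sample bytes are constructed for this example. Caller frees via release_union(). */
static int decode_num_then_text(Msg *m) {
    static const uint8_t wire[] = {
        TAG_NUM, 0x41, 0x41, 0x41, 0x41,   /* num  = 0x41414141 */
        TAG_TEXT, 2, 'h', 'i'              /* text = "hi"       */
    };
    memset(m, 0, sizeof *m);
    return decode_msg(m, wire, sizeof wire);
}

int main(void) {
    Msg m;
    printf("buggy decoder would free/realloc address 0x%llx\n",
           (unsigned long long)stale_pointer_bits(0x41414141));
    int n = decode_num_then_text(&m);
    printf("decoded %d fields, final arm=%u text=%s\n", n, m.which, m.u.text);
    release_union(&m);
    return 0;
}
```

Running this under ASan or valgrind is a cheap way to confirm the fixed path never frees the integer arm: the only `free()` happens on an allocation the decoder itself made.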
Base Score (CVSS 3.x)

Provider   Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST       Primary  7.1 HIGH    NETWORK      LOW              LOW             CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
GitHub_M   CNA      7.1 HIGH    NETWORK      LOW              LOW             CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

EPSS Score: percentile 41%
Affected Products (NVD)

Vendor          Product  Version
nanopb_project  nanopb   x < 0.3.9.8
nanopb_project  nanopb   0.4.0 ≤ x < 0.4.5

x = vulnerable software versions
Debian Releases (product: nanopb)

Codename  Version  Status
bookworm  0.4.7-2  fixed
bullseye  0.4.4-2  fixed
sid       0.4.9-1  fixed
trixie    0.4.9-1  fixed
Ubuntu Releases (product: nanopb)

Codename  Status
bionic    dne
focal     released (fixed in 0.4.1-1ubuntu0.1~esm1)
groovy    ignored
hirsute   ignored
impish    ignored
jammy     not-affected
kinetic   not-affected
lunar     not-affected
mantic    not-affected
noble     not-affected
trusty    dne
xenial    dne

dne = the package does not exist in that release.