{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T01:17:28.645","vulnerabilities":[{"cve":{"id":"CVE-2020-26243","sourceIdentifier":"security-advisories@github.com","published":"2020-11-25T17:15:12.200","lastModified":"2024-11-21T05:19:38.063","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards."},{"lang":"es","value":"Nanopb es una implementación de Búferes de Protocolo de código de tamaño pequeño. En Nanopb versiones anteriores a 0.4.4 y 0.3.9.7, la decodificación de un mensaje formado específicamente puede filtrar la memoria si es habilitada la asignación dinámica y un campo contiene un submensaje estático que contiene un campo dinámico, y el mensaje que está siendo decodificado contiene el submensaje varias veces. Esto es raro en los mensajes normales, pero es preocupante cuando son analizados datos no fiables. Esto está corregido en las versiones 0.3.9.7 y 0.4.4. Están disponibles las siguientes soluciones provisionales: 1) Poner la opción \"no_unions\" para el campo uno. Esto generará campos como separados en lugar de la unión C, y evita desencadenar el código problemático. 2) Ajustar el tipo de campo de submensaje dentro de uno de ellos a \"TP_POINTER\". De esta manera todo el submensaje será asignado dinámicamente y el código problemático no será ejecutado. 3) Usar un asignador de campos para el nanopb, para asegurarse de que toda la memoria pueda ser liberada después"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nanopb_project:nanopb:*:*:*:*:*:*:*:*","versionEndExcluding":"0.3.9.7","matchCriteriaId":"E2479C6C-033B-4F28-895E-9ACDEB6956F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:nanopb_project:nanopb:*:*:*:*:*:*:*:*","versionStartIncluding":"0.4.0","versionEndExcluding":"0.4.4","matchCriteriaId":"42DF75C8-803B-4F1A-AF78-929126981CBB"}]}]}],"references":[{"url":"https://github.com/nanopb/nanopb/blob/2b48a361786dfb1f63d229840217a93aae064667/CHANGELOG.txt","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/nanopb/nanopb/commit/4fe23595732b6f1254cfc11a9b8d6da900b55b0c","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nanopb/nanopb/issues/615","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/nanopb/nanopb/security/advisories/GHSA-85rr-4rh9-hhwh","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/nanopb/nanopb/blob/2b48a361786dfb1f63d229840217a93aae064667/CHANGELOG.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/nanopb/nanopb/commit/4fe23595732b6f1254cfc11a9b8d6da900b55b0c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nanopb/nanopb/issues/615","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/nanopb/nanopb/security/advisories/GHSA-85rr-4rh9-hhwh","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}