{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T21:18:21.450","vulnerabilities":[{"cve":{"id":"CVE-2024-53984","sourceIdentifier":"security-advisories@github.com","published":"2024-12-02T16:15:14.603","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Nanopb is a small code-size Protocol Buffers implementation.  When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1."},{"lang":"es","value":"Nanopb es una implementación de Protocol Buffers de tamaño de código pequeño. Cuando la opción de tiempo de compilación PB_ENABLE_MALLOC está habilitada, el mensaje contiene al menos un campo con el tipo de campo FT_POINTER, se utiliza una devolución de llamada de flujo personalizada con una longitud de flujo desconocida y la función pb_decode_ex() se utiliza con el indicador PB_DECODE_DELIMITED, entonces la función pb_decode_ex() no llama automáticamente a pb_release(), como se hace para otros casos de falla. Esto podría provocar una pérdida de memoria y una posible denegación de servicio. Esta vulnerabilidad se corrigió en la versión 0.4.9.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"},{"lang":"en","value":"CWE-755"}]}],"references":[{"url":"https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495b378","source":"security-advisories@github.com"},{"url":"https://github.com/nanopb/nanopb/security/advisories/GHSA-xwqq-qxmw-hj5r","source":"security-advisories@github.com"}]}}]}