1.0.0.dev1528
5 years ago
24 days ago
Known vulnerabilities in the nanopb package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
nanopb is a python binding for C package nanopb. Affected versions of this package are vulnerable to Buffer Overflow such that on platforms where How to fix Buffer Overflow? Upgrade | [,0.3.9.6)[0.4.0,0.4.2) |
nanopb is a python binding for C package nanopb. Affected versions of this package are vulnerable to Release of Invalid Pointer or Reference. Decoding a specifically formed message can cause invalid How to fix Release of Invalid Pointer or Reference? Upgrade | [,0.3.9.8)[0.4.0,0.4.5) |
nanopb is a python binding for C package nanopb. Affected versions of this package are vulnerable to Resource Exhaustion. Decoding a specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. How to fix Resource Exhaustion? Upgrade | [,0.3.9.7)[0.4.0,0.4.4) |