Buffer Overflow Affecting nanopb package, versions [,0.3.9.6) [0.4.0,0.4.2)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-NANOPB-5840629
- published 14 Aug 2023
- disclosed 1 Aug 2023
- credit PetteriAimonen
How to fix?
Upgrade nanopb
to version 0.3.9.6, 0.4.2 or higher.
Overview
nanopb is a python binding for C package nanopb.
Affected versions of this package are vulnerable to Buffer Overflow such that on platforms where size_t
equals pb_size_t
the buffer size checks in pb_write()
and pb_enc_submessage
can overflow if a bytes field has a size close to the maximum size value.
References
CVSS Scores
version 3.1