CVE-2014-125106

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 17, 2023

Updated: Dec 17, 2024

CWE ID 787

Summary

CVE-2014-125106 is a vulnerability affecting the Nanopb library before version 0.3.1. This issue permits size_t overflows in the functions pb_dec_bytes and pb_dec_string, which can lead to buffer overflow conditions and potentially unintended code execution. Attackers could exploit this vulnerability by sending specially crafted data to the affected system, resulting in memory corruption and potential security compromise. Users are advised to upgrade to the latest version of Nanopb to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nanopb Project Nanopb

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rrdmds
https://www.cve.org/CVERecord?id=CVE-2014-125106
https://nvd.nist.gov/vuln/detail/CVE-2014-125106

Back to Vulnerability Database

CVE-2014-125106

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations