CVE-2024-53984
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 2, 2024
CWE ID 755
CWE ID 401
Summary
CVE-2024-53984 is a vulnerability affecting Nanopb, a small implementation of Protocol Buffers. The issue occurs when all of the following are in use: the compile-time option PB_ENABLE_MALLOC, message fields with the FT_POINTER type, a custom stream callback, and the pb_decode_ex() function with the PB_DECODE_DELIMITED flag. In that case, pb_decode_ex() fails to call pb_release() as it does in other failure scenarios. This oversight can result in a memory leak, potentially leading to denial of service. The vulnerability has been addressed in version 0.4.9.1.