CVE-2024-53984

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 2, 2024
CWE ID 755
CWE ID 401

Summary

CVE-2024-53984 is a vulnerability affecting Nanopb, a small implementation of Protocol Buffers. The issue occurs when all of the following are in use: the compile-time option PB_ENABLE_MALLOC, message fields with the FT_POINTER type, a custom stream callback, and the pb_decode_ex() function with the PB_DECODE_DELIMITED flag. In that configuration, pb_decode_ex() does not call pb_release() on failure, as it does in other failure scenarios. This oversight can result in a memory leak, potentially leading to denial-of-service. The vulnerability has been addressed in version 0.4.9.1.
