[Bug 1234088] New: VUL-0: CVE-2024-53984: nanopb: nanopb does not release memory on error return when using PB_DECODE_DELIMITED
https://bugzilla.suse.com/show_bug.cgi?id=1234088

Bug ID: 1234088
Summary: VUL-0: CVE-2024-53984: nanopb: nanopb does not release memory on error return when using PB_DECODE_DELIMITED
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
URL: https://smash.suse.de/issue/430872/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: pstivanin@suse.com
Reporter: smash_bz@suse.de
QA Contact: security-team@suse.de
CC: thomas.leroy@suse.com
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length, and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-53984
https://www.cve.org/CVERecord?id=CVE-2024-53984
https://github.com/nanopb/nanopb/commit/2b86c255aa52250438d5aba124d0e86db495...
https://github.com/nanopb/nanopb/security/advisories/GHSA-xwqq-qxmw-hj5r
https://bugzilla.redhat.com/show_bug.cgi?id=2329982
https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/53xxx/CVE-2024-...

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1234088#c1

--- Comment #1 from Thomas Leroy <thomas.leroy@suse.com> ---
Factory and Backports affected

https://bugzilla.suse.com/show_bug.cgi?id=1234088

SMASH SMASH <smash_bz@suse.de> changed:

What      |Removed      |Added
----------------------------------------------------------------------------
Priority  |P5 - None    |P3 - Medium

https://bugzilla.suse.com/show_bug.cgi?id=1234088#c2

Paolo Stivanin <pstivanin@suse.com> changed:

What      |Removed      |Added
----------------------------------------------------------------------------
Status    |NEW          |IN_PROGRESS

--- Comment #2 from Paolo Stivanin <pstivanin@suse.com> ---
SR for Factory: https://build.opensuse.org/requests/1228004

https://bugzilla.suse.com/show_bug.cgi?id=1234088#c4

Paolo Stivanin <pstivanin@suse.com> changed:

What        |Removed      |Added
----------------------------------------------------------------------------
Resolution  |---          |FIXED
Status      |IN_PROGRESS  |RESOLVED

--- Comment #4 from Paolo Stivanin <pstivanin@suse.com> ---
15-SP5 (https://build.opensuse.org/requests/1228164) and 15-SP6 (https://build.opensuse.org/requests/1228165) maintenance requests created. Closing the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1234088#c6

--- Comment #6 from Marcus Meissner <meissner@suse.com> ---
openSUSE-SU-2024:0400-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1234088
CVE References: CVE-2024-53984
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP6 (src): nanopb-0.4.6-bp156.4.3.1