Description
Security update for nanopb
This update for nanopb fixes the following issues:
- CVE-2024-53984: Fix memory not released on error return (boo#1234088)
Package list
SUSE Package Hub 15 SP6
libprotobuf-nanopb0-0.4.6-bp156.4.3.1
nanopb-devel-0.4.6-bp156.4.3.1
nanopb-source-0.4.6-bp156.4.3.1
openSUSE Leap 15.6
libprotobuf-nanopb0-0.4.6-bp156.4.3.1
nanopb-devel-0.4.6-bp156.4.3.1
nanopb-source-0.4.6-bp156.4.3.1
References
- E-Mail link for openSUSE-SU-2024:0400-1
- SUSE Security Ratings
- SUSE Bug 1234088
- SUSE CVE CVE-2024-53984 page
Description
Nanopb is a small code-size Protocol Buffers implementation. When the compile-time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with the FT_POINTER field type, a custom stream callback is used with unknown stream length, and the pb_decode_ex() function is used with the flag PB_DECODE_DELIMITED, then pb_decode_ex() does not automatically call pb_release(), as is done for other failure cases. This could lead to a memory leak and potential denial of service. This vulnerability is fixed in 0.4.9.1.
Affected products
SUSE Package Hub 15 SP6:libprotobuf-nanopb0-0.4.6-bp156.4.3.1
SUSE Package Hub 15 SP6:nanopb-devel-0.4.6-bp156.4.3.1
SUSE Package Hub 15 SP6:nanopb-source-0.4.6-bp156.4.3.1
openSUSE Leap 15.6:libprotobuf-nanopb0-0.4.6-bp156.4.3.1
References
- CVE-2024-53984
- SUSE Bug 1234088