Browse all 4 CVE security advisories affecting nanopb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nanopb is a small Protocol Buffers implementation designed for resource-constrained embedded systems. Historically, vulnerabilities have included buffer overflows leading to remote code execution, integer overflows causing denial of service, and memory corruption issues. While no major public incidents have been widely documented, the four recorded CVEs highlight potential risks in memory handling and parsing logic. Its minimal footprint prioritizes efficiency over comprehensive security features, so careful integration is crucial. Developers should validate inputs rigorously and apply patches promptly, because a malformed protobuf message is the typical vector for triggering a parsing flaw. The library's focus on performance requires trade-offs that may introduce security considerations absent in larger alternatives.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-53984 | Nanopb does not release memory on error return when using PB_DECODE_DELIMITED | nanopb | CWE-401 | 4.3 | Medium | 2024-12-02 |
| CVE-2021-21401 | Invalid free() call in Nanopb | nanopb | CWE-763 | 7.1 | High | 2021-03-23 |
| CVE-2020-26243 | Memory leak in nanopb | nanopb | CWE-20 | 7.5 | High | 2020-11-25 |
| CVE-2020-5235 | Out-of-memory condition in Nanopb is potentially exploitable | Nanopb | CWE-125 | 6.5 | Medium | 2020-02-04 |
This page lists every published CVE security advisory associated with nanopb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.