Headline
Ubuntu Security Notice USN-6121-1
Ubuntu Security Notice 6121-1 - It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this cause a denial of service or expose sensitive information. It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-6121-1May 30, 2023nanopb vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Nanopb.Software Description:- nanopb: Protocol Buffers with small code sizeDetails:It was discovered that Nanopb incorrectly handled certain decode messages.An attacker could possibly use this cause a denial of service or exposesensitive information. (CVE-2020-26243)It was discovered that Nanopb incorrectly handled certain decode messages.An attacker could possibly use this issue to cause a denial of serviceor execute arbitrary code. (CVE-2021-21401)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS (Available with Ubuntu Pro): nanopb 0.4.1-1ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-6121-1 CVE-2020-26243, CVE-2021-21401Related news
### Impact Decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed. ### Patches Preliminary patch is available on git for [0.4.x](https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261) and [0.3.x](https://github.com/nanopb/nanopb/commit/4a375a560651a86726e5283be85a9231fd0efe9c) branches. The fix will be released in versions 0.3.9.8 and 0.4.5 once testing has been completed. ### Workarounds Following workarounds are available: * Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, a...