Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-21401 |
CWE-ID | CWE-763 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Nanopb (Web applications / JS libraries) |
Vendor | Nanopb Project |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU76724
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21401
CWE-ID: CWE-763 - Release of invalid pointer or reference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the release of an invalid pointer. A local user can pass a specially crafted message to the application and perform a denial of service attack.
Install updates from the vendor's website.
Vulnerable software versions
Nanopb: 0.3.6 - 0.4.4
External links
http://github.com/nanopb/nanopb/blob/c9124132a604047d0ef97a09c0e99cd9bed2c818/CHANGELOG.txt#L1
http://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261
http://github.com/nanopb/nanopb/issues/647
http://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.