You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CVE-2021-21401: "In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free() or realloc() calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and a non-pointer field." Issue was reported on March 23, 2021, and was resolved with Nanopb 0.3.9.8 or 0.4.5
Steps to reproduce:
Install Firebase 7.4.0 or higher
Observe Nanopb is version 0.3.9.7 based on Google spec of Nanopb 2.03097.0
The text was updated successfully, but these errors were encountered:
[REQUIRED] Step 1: Describe your environment
CocoaPods
(select one)[REQUIRED] Step 2: Describe the problem
CVE-2021-21401: "In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid
free()
orrealloc()
calls if the message type contains anoneof
field, and theoneof
directly contains both a pointer field and a non-pointer field." Issue was reported on March 23, 2021, and was resolved with Nanopb 0.3.9.8 or 0.4.5Steps to reproduce:
The text was updated successfully, but these errors were encountered: