VDB
EN
HIGH 7.5

PYSEC-2026-684

Memory leak in Nanopb

상세

### Impact Decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed.

### Patches Preliminary patch is [available on git](https://github.com/nanopb/nanopb/commit/edf6dcbffee4d614ac0c2c1b258ab95185bdb6e9) and problem will be patched in versions 0.3.9.7 and 0.4.4 once testing has been completed.

### Workarounds Following workarounds are available: * Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. * Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. * Use an arena allocator for nanopb, to make sure all memory can be released afterwards.

### References Bug report: https://github.com/nanopb/nanopb/issues/615

### For more information If you have any questions or comments about this advisory, comment on the bug report linked above.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / nanopb
최초 영향 버전: 0.3.2 수정 버전: 0.3.9.7
수정 pip install --upgrade 'nanopb>=0.3.9.7'

참고