CVE-2021-21401: "In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free() or realloc() calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and a non-pointer field." Issue was reported on March 23, 2021, and was resolved with Nanopb 0.3.9.8 or 0.4.5
[REQUIRED] Step 1: Describe your environment
[REQUIRED] Step 2: Describe the problem
CVE-2021-21401: "In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free() or realloc() calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and a non-pointer field." Issue was reported on March 23, 2021, and was resolved with Nanopb 0.3.9.8 or 0.4.5