CVE-2014-125106

9.8 CRITICAL

📋 TL;DR

This CVE describes a size_t overflow vulnerability in Nanopb's pb_dec_bytes and pb_dec_string functions, allowing attackers to cause buffer overflows and potentially execute arbitrary code. It affects systems using Nanopb library versions before 0.3.1 for Protocol Buffers data parsing. The vulnerability is particularly dangerous in applications processing untrusted Protocol Buffers data.

💻 Affected Systems

Products:
  • Nanopb Protocol Buffers library
Versions: All versions before 0.3.1
Operating Systems: All platforms using Nanopb
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using Nanopb to parse Protocol Buffers data from untrusted sources is vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or service disruption.

🟠 Likely Case: Denial of service through application crashes or memory corruption leading to instability.

🟢 If Mitigated: Contained impact with proper input validation and memory protections limiting exploit effectiveness.

🌐 Internet-Facing: HIGH - Applications processing external Protocol Buffers data are directly vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal systems processing untrusted Protocol Buffers data remain vulnerable to insider threats or lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious Protocol Buffers data to trigger the size_t overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.3.1 and later

Vendor Advisory: https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt

Restart Required: Yes

Instructions:

1. Update Nanopb library to version 0.3.1 or later.
2. Recompile all applications using Nanopb.
3. Restart affected services.
4. Verify the fix by checking the Nanopb version in use.

🔧 Temporary Workarounds

Input validation wrapper (applies to: all)

Implement strict input validation for Protocol Buffers data size before passing to Nanopb functions.
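The input validation wrapper above can be implemented as a pre-check over the Protocol Buffers wire format that rejects any length-delimited field whose declared length does not fit in the remaining input. This is an added example written for this page, not nanopb's code; `protobuf_prevalidate`, `read_varint` and the sample messages are hypothetical, and the code assumes the untrusted payload is a standard encoded message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Decode a base-128 varint at buf[*pos]. Fails on truncated input or if
   the encoding exceeds 10 bytes (more than 64 bits of payload). */
static bool read_varint(const uint8_t *buf, size_t len, size_t *pos, uint64_t *out)
{
    uint64_t v = 0;
    for (unsigned shift = 0; shift < 64; shift += 7) {
        if (*pos >= len) return false;              /* truncated input */
        uint8_t b = buf[(*pos)++];
        v |= (uint64_t)(b & 0x7f) << shift;
        if (!(b & 0x80)) { *out = v; return true; }
    }
    return false;                                   /* varint too long */
}

/* Hypothetical pre-validator: walk the top-level fields of an encoded
   message and reject any length-delimited field (wire type 2: bytes,
   string, submessage) whose declared length exceeds the bytes remaining.
   The check is "val > remaining", never "pos + val > len", so an
   attacker-chosen length cannot wrap the size_t arithmetic. */
bool protobuf_prevalidate(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    while (pos < len) {
        uint64_t key, val;
        if (!read_varint(buf, len, &pos, &key)) return false;
        if ((key >> 3) == 0) return false;          /* field number 0 is invalid */
        switch (key & 7) {
        case 0: if (!read_varint(buf, len, &pos, &val)) return false; break;
        case 1: if (len - pos < 8) return false; pos += 8; break;
        case 5: if (len - pos < 4) return false; pos += 4; break;
        case 2:
            if (!read_varint(buf, len, &pos, &val)) return false;
            if (val > (uint64_t)(len - pos)) return false;  /* overflow-safe */
            pos += (size_t)val;
            break;
        default: return false;  /* groups and reserved wire types rejected */
        }
    }
    return true;
}

/* Constructed sample messages (not taken from the advisory): kGood holds
   field 1 bytes "abc" then field 1 varint 150; kTrunc claims 5 bytes but
   carries 2; kHuge claims a length of 2^64-1 in a 10-byte varint. */
static const uint8_t kGood[]  = { 0x0a, 0x03, 'a', 'b', 'c', 0x08, 0x96, 0x01 };
static const uint8_t kTrunc[] = { 0x0a, 0x05, 'a', 'b' };
static const uint8_t kHuge[]  = { 0x0a, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01 };
```

Run the check on each inbound message and drop anything that fails before handing the buffer to the nanopb decoder.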

Memory protection (applies to: all)

Enable ASLR, DEP, and other memory protection mechanisms to reduce exploit effectiveness.

🧯 If You Can't Patch

  • Isolate systems using vulnerable Nanopb versions from untrusted networks.
  • Implement strict network filtering to block Protocol Buffers data from untrusted sources.

🔍 How to Verify

Check if Vulnerable:

Check if application links against Nanopb library version < 0.3.1 using ldd (Linux) or dependency analysis tools.

Check Version:

Check build configuration or use: grep -r 'nanopb' /path/to/application/ | grep -i version

Verify Fix Applied:

Verify Nanopb version is 0.3.1 or later in application dependencies and recompiled binaries.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory corruption errors
  • Unexpected termination of Protocol Buffers parsing services

Network Indicators:

  • Unusually large Protocol Buffers payloads
  • Protocol Buffers traffic to vulnerable services

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "buffer overflow" OR "nanopb")
