CVE-2021-22570

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22570

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22570.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-22570

Aliases

Related

Published

2022-01-26T14:15:08Z

Modified

2025-02-14T11:23:24.342849Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

References

Affected packages

Debian:11 / protobuf

Package

Name: protobuf
Purl: pkg:deb/debian/protobuf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.4-1+deb11u1

Affected versions

3.*

3.12.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / protobuf

Package

Name: protobuf
Purl: pkg:deb/debian/protobuf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.21.9-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / protobuf

Package

Name: protobuf
Purl: pkg:deb/debian/protobuf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.21.9-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/protocolbuffers/protobuf

Affected ranges

Type: GIT
Repo: https://github.com/protocolbuffers/protobuf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ae50d9b9902526efd6c7a1907d09739f959c6297

Affected versions

3.*

3.15.0-rc1

Other

conformance-build-tag

v2.*

v2.4.1

v2.5.0

v2.6.0

v2.6.1

v2.6.1rc1

v3.*

v3.0.0

v3.0.0-alpha-1

v3.0.0-alpha-2

v3.0.0-alpha-3

v3.0.0-alpha-4

v3.0.0-beta-1

v3.0.0-beta-1-bzl-fix

v3.0.0-beta-2

v3.0.0-beta-3

v3.0.0-beta-3-pre-1

v3.0.0-beta-4

v3.0.2

v3.1.0

v3.1.0-alpha-1

v3.10.0

v3.10.0-rc1

v3.11.0

v3.11.0-rc1

v3.11.0-rc2

v3.11.1

v3.11.2

v3.11.3

v3.11.4

v3.12.0

v3.12.0-rc1

v3.12.0-rc2

v3.12.1

v3.12.2

v3.12.3

v3.13.0

v3.13.0-rc3

v3.13.0.1

v3.14.0

v3.14.0-rc1

v3.14.0-rc2

v3.14.0-rc3

v3.15.0-rc1

v3.15.0-rc2

v3.3.0

v3.3.0rc1

v3.3.1

v3.3.2

v3.4.0

v3.4.0rc1

v3.4.0rc2

v3.4.0rc3

v3.4.1

v3.5.0

v3.5.0.1

v3.5.1

v3.5.2

v3.6.0

v3.6.0.1

v3.6.0rc1

v3.6.0rc2

v3.6.1

v3.7.0

v3.7.0-rc.2

v3.7.0-rc.3

v3.7.0rc1

v3.7.0rc2

v3.7.1

v3.8.0

v3.8.0-rc1

v3.9.0-rc1