OESA-2022-2106

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2106
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-2106.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-2106
Upstream
Published
2022-11-18T11:04:38Z
Modified
2025-08-12T05:07:19.267784Z
Summary
protobuf security update
Details

Protocol Buffers (a.k.a., protobuf) are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can find protobuf's documentation on the Google Developers site.

Security Fix(es):

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.(CVE-2021-22570)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / protobuf

Package

Name
protobuf
Purl
pkg:rpm/openEuler/protobuf&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.14.0-6.oe1

Ecosystem specific 

{
    "noarch": [
        "protobuf-bom-3.14.0-6.oe1.noarch.rpm",
        "protobuf-javalite-3.14.0-6.oe1.noarch.rpm",
        "protobuf-javadoc-3.14.0-6.oe1.noarch.rpm",
        "protobuf-java-util-3.14.0-6.oe1.noarch.rpm",
        "python3-protobuf-3.14.0-6.oe1.noarch.rpm",
        "protobuf-java-3.14.0-6.oe1.noarch.rpm",
        "protobuf-parent-3.14.0-6.oe1.noarch.rpm"
    ],
    "src": [
        "protobuf-3.14.0-6.oe1.src.rpm"
    ],
    "aarch64": [
        "protobuf-devel-3.14.0-6.oe1.aarch64.rpm",
        "protobuf-lite-3.14.0-6.oe1.aarch64.rpm",
        "protobuf-3.14.0-6.oe1.aarch64.rpm",
        "protobuf-lite-devel-3.14.0-6.oe1.aarch64.rpm",
        "protobuf-debugsource-3.14.0-6.oe1.aarch64.rpm",
        "protobuf-debuginfo-3.14.0-6.oe1.aarch64.rpm",
        "protobuf-compiler-3.14.0-6.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "protobuf-lite-devel-3.14.0-6.oe1.x86_64.rpm",
        "protobuf-debuginfo-3.14.0-6.oe1.x86_64.rpm",
        "protobuf-compiler-3.14.0-6.oe1.x86_64.rpm",
        "protobuf-3.14.0-6.oe1.x86_64.rpm",
        "protobuf-devel-3.14.0-6.oe1.x86_64.rpm",
        "protobuf-debugsource-3.14.0-6.oe1.x86_64.rpm",
        "protobuf-lite-3.14.0-6.oe1.x86_64.rpm"
    ]
}