CVE-2021-22570

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

EPSS Score percentile: 33%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| google | protobuf | 𝑥 < 3.15.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| oracle | mysql | 𝑥 ≤ 8.0.28 |
| netapp | active_iq_unified_manager | - |
| netapp | active_iq_unified_manager | - |
| netapp | oncommand_insight | - |
| netapp | oncommand_workflow_automation | - |
| netapp | snapcenter | - |

𝑥 = Vulnerable software versions

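Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| protobuf | bookworm | 3.21.12-3 | fixed |
| protobuf | bullseye | 3.12.4-1+deb11u1 | fixed |
| protobuf | sid | 3.21.12-10 | fixed |
| protobuf | stretch | | postponed |
| protobuf | trixie | 3.21.12-10 | fixed |
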
Ubuntu Releases

| Ubuntu Product | Codename | Fixed version | Status |
|---|---|---|---|
| protobuf | bionic | 3.0.0-9.1ubuntu1.1 | released |
| protobuf | focal | 3.6.1.3-2ubuntu5.2 | released |
| protobuf | impish | | ignored |
| protobuf | jammy | 3.12.4-1ubuntu7.22.04.1 | released |
| protobuf | kinetic | 3.12.4-1ubuntu7.22.10.1 | released |
| protobuf | lunar | | not-affected |
| protobuf | trusty | 2.5.0-9ubuntu1+esm1 | released |
| protobuf | xenial | 2.6.1-1.3ubuntu0.1~esm1 | released |

openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| libprotobuf-lite20 | suse enterprise desktop 15 SP3 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20 | suse enterprise desktop 15 SP4 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20 | suse enterprise desktop 15 SP5 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20 | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotobuf-lite20 | suse enterprise sap 15 SP3 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20 | suse enterprise sap 15 SP4 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20 | suse enterprise sap 15 SP5 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20 | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotobuf-lite20 | suse enterprise server 15 SP2 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20 | suse enterprise server 15 SP3 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20 | suse enterprise server 15 SP4 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20 | suse enterprise server 15 SP5 | 3.9.2-4.12.1 | fixed |
| libprotobuf-lite20-32bit | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotobuf-lite20-32bit | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotobuf20 | suse enterprise desktop 15 SP3 | 3.9.2-4.12.1 | fixed |
| libprotobuf20 | suse enterprise desktop 15 SP4 | 3.9.2-4.12.1 | fixed |
| libprotobuf20 | suse enterprise desktop 15 SP5 | 3.9.2-4.12.1 | fixed |
| libprotobuf20 | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotobuf20 | suse enterprise sap 15 SP3 | 3.9.2-4.12.1 | fixed |
| libprotobuf20 | suse enterprise sap 15 SP4 | 3.9.2-4.12.1 | fixed |
| libprotobuf20 | suse enterprise sap 15 SP5 | 3.9.2-4.12.1 | fixed |
| libprotobuf20 | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotobuf20 | suse enterprise server 15 SP2 | 3.9.2-4.12.1 | fixed |
| libprotobuf20 | suse enterprise server 15 SP3 | 3.9.2-4.12.1 | fixed |
| libprotobuf20 | suse enterprise server 15 SP4 | 3.9.2-4.12.1 | fixed |
| libprotobuf20 | suse enterprise server 15 SP5 | 3.9.2-4.12.1 | fixed |
| libprotobuf20-32bit | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotobuf20-32bit | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotoc20 | suse enterprise desktop 15 SP3 | 3.9.2-4.12.1 | fixed |
| libprotoc20 | suse enterprise desktop 15 SP4 | 3.9.2-4.12.1 | fixed |
| libprotoc20 | suse enterprise desktop 15 SP5 | 3.9.2-4.12.1 | fixed |
| libprotoc20 | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotoc20 | suse enterprise sap 15 SP3 | 3.9.2-4.12.1 | fixed |
| libprotoc20 | suse enterprise sap 15 SP4 | 3.9.2-4.12.1 | fixed |
| libprotoc20 | suse enterprise sap 15 SP5 | 3.9.2-4.12.1 | fixed |
| libprotoc20 | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotoc20 | suse enterprise server 15 SP2 | 3.9.2-4.12.1 | fixed |
| libprotoc20 | suse enterprise server 15 SP3 | 3.9.2-4.12.1 | fixed |
| libprotoc20 | suse enterprise server 15 SP4 | 3.9.2-4.12.1 | fixed |
| libprotoc20 | suse enterprise server 15 SP5 | 3.9.2-4.12.1 | fixed |
| libprotoc20-32bit | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| libprotoc20-32bit | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| protobuf-devel | suse enterprise desktop 15 SP3 | 3.9.2-4.12.1 | fixed |
| protobuf-devel | suse enterprise desktop 15 SP4 | 3.9.2-4.12.1 | fixed |
| protobuf-devel | suse enterprise desktop 15 SP5 | 3.9.2-4.12.1 | fixed |
| protobuf-devel | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| protobuf-devel | suse enterprise sap 15 SP3 | 3.9.2-4.12.1 | fixed |
| protobuf-devel | suse enterprise sap 15 SP4 | 3.9.2-4.12.1 | fixed |
| protobuf-devel | suse enterprise sap 15 SP5 | 3.9.2-4.12.1 | fixed |
| protobuf-devel | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| protobuf-devel | suse enterprise server 15 SP2 | 3.9.2-4.12.1 | fixed |
| protobuf-devel | suse enterprise server 15 SP3 | 3.9.2-4.12.1 | fixed |
| protobuf-devel | suse enterprise server 15 SP4 | 3.9.2-4.12.1 | fixed |
| protobuf-devel | suse enterprise server 15 SP5 | 3.9.2-4.12.1 | fixed |
| protobuf-java | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| protobuf-java | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| protobuf-source | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| protobuf-source | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| python2-googleapis-common-protos | suse enterprise sap 15 SP1 | 1.6.0-150100.3.3.3 | fixed |
| python2-googleapis-common-protos | suse enterprise server 15 SP1 | 1.6.0-150100.3.3.3 | fixed |
| python2-protobuf | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| python2-protobuf | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| python3-googleapis-common-protos | suse enterprise sap 15 SP1 | 1.6.0-150100.3.3.3 | fixed |
| python3-googleapis-common-protos | suse enterprise server 15 SP1 | 1.6.0-150100.3.3.3 | fixed |
| python3-protobuf | suse enterprise sap 15 SP1 | 3.9.2-150100.8.3.3 | fixed |
| python3-protobuf | suse enterprise server 15 SP1 | 3.9.2-150100.8.3.3 | fixed |

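Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| protobuf | RHEL 8 | 0:3.5.0-15.el8 | fixed |
| protobuf | RHEL 8.6 AUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf | RHEL 8.6 E4S | 0:3.5.0-15.el8_6 | fixed |
| protobuf | RHEL 8.6 EUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf | RHEL 8.6 TUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf | RHEL 9 | 0:3.14.0-13.el9 | fixed |
| protobuf-compiler | RHEL 8 | 0:3.5.0-15.el8 | fixed |
| protobuf-compiler | RHEL 8.6 AUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-compiler | RHEL 8.6 E4S | 0:3.5.0-15.el8_6 | fixed |
| protobuf-compiler | RHEL 8.6 EUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-compiler | RHEL 8.6 TUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-compiler | RHEL 9 | 0:3.14.0-13.el9 | fixed |
| protobuf-devel | RHEL 8 | 0:3.5.0-15.el8 | fixed |
| protobuf-devel | RHEL 8.6 AUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-devel | RHEL 8.6 E4S | 0:3.5.0-15.el8_6 | fixed |
| protobuf-devel | RHEL 8.6 EUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-devel | RHEL 8.6 TUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-devel | RHEL 9 | 0:3.14.0-13.el9 | fixed |
| protobuf-lite | RHEL 8 | 0:3.5.0-15.el8 | fixed |
| protobuf-lite | RHEL 8.6 AUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-lite | RHEL 8.6 E4S | 0:3.5.0-15.el8_6 | fixed |
| protobuf-lite | RHEL 8.6 EUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-lite | RHEL 8.6 TUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-lite | RHEL 9 | 0:3.14.0-13.el9 | fixed |
| protobuf-lite-devel | RHEL 8 | 0:3.5.0-15.el8 | fixed |
| protobuf-lite-devel | RHEL 8.6 AUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-lite-devel | RHEL 8.6 E4S | 0:3.5.0-15.el8_6 | fixed |
| protobuf-lite-devel | RHEL 8.6 EUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-lite-devel | RHEL 8.6 TUS | 0:3.5.0-15.el8_6 | fixed |
| protobuf-lite-devel | RHEL 9 | 0:3.14.0-13.el9 | fixed |
| python3-protobuf | RHEL 8 | 0:3.5.0-15.el8 | fixed |
| python3-protobuf | RHEL 8.6 AUS | 0:3.5.0-15.el8_6 | fixed |
| python3-protobuf | RHEL 8.6 E4S | 0:3.5.0-15.el8_6 | fixed |
| python3-protobuf | RHEL 8.6 EUS | 0:3.5.0-15.el8_6 | fixed |
| python3-protobuf | RHEL 8.6 TUS | 0:3.5.0-15.el8_6 | fixed |
| python3-protobuf | RHEL 9 | 0:3.14.0-13.el9 | fixed |
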
References