CVE-2021-22570

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
GoogleCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
googleprotobuf
𝑥
< 3.15.0
debiandebian_linux
9.0
debiandebian_linux
10.0
debiandebian_linux
11.0
oraclemysql
𝑥
≤ 8.0.28
netappactive_iq_unified_manager
-
netappactive_iq_unified_manager
-
netapponcommand_insight
-
netapponcommand_workflow_automation
-
netappsnapcenter
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
protobuf
bullseye
3.12.4-1+deb11u1
fixed
stretch
postponed
bookworm
3.21.12-3
fixed
sid
3.21.12-10
fixed
trixie
3.21.12-10
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
protobuf
lunar
not-affected
kinetic
Fixed 3.12.4-1ubuntu7.22.10.1
released
jammy
Fixed 3.12.4-1ubuntu7.22.04.1
released
impish
ignored
focal
Fixed 3.6.1.3-2ubuntu5.2
released
bionic
Fixed 3.0.0-9.1ubuntu1.1
released
xenial
Fixed 2.6.1-1.3ubuntu0.1~esm1
released
trusty
Fixed 2.5.0-9ubuntu1+esm1
released
Common Weakness Enumeration
References
https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/
https://security.netapp.com/advisory/ntap-20220429-0005/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/
https://security.netapp.com/advisory/ntap-20220429-0005/
https://www.oracle.com/security-alerts/cpuapr2022.html