High severity · NVD Advisory · Published Jan 26, 2022 · Updated Apr 21, 2025
Nullptr Dereference in Protobuf
CVE-2021-22570
Description
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Google.Protobuf (NuGet) | < 3.15.0 | 3.15.0 |
| google/protobuf (Packagist) | < 3.15.0 | 3.15.0 |
| com.google.protobuf:protobuf-java (Maven) | < 3.15.0 | 3.15.0 |
| github.com/protocolbuffers/protobuf (Go) | < 0.0.0-20210218195015-ae50d9b99025 | 0.0.0-20210218195015-ae50d9b99025 |
| protobuf (PyPI) | < 3.15.0 | 3.15.0 |
| github.com/protocolbuffers/protobuf (Go) | >= 0.0.0, < 3.15.0 | 3.15.0 |
Affected products (1)
Patches (0)
No patches discovered yet.
References (22)
- github.com/advisories/GHSA-77rm-9x9h-xj3g (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/ (mitre, vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-22570 (ghsa, ADVISORY)
- github.com/protocolbuffers/protobuf/releases/tag/v3.15.0 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2022-48.yaml (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2023/04/msg00019.html (ghsa, mailing-list, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP (ghsa, WEB)
- security.netapp.com/advisory/ntap-20220429-0005 (ghsa, WEB)
- www.oracle.com/security-alerts/cpuapr2022.html (ghsa, WEB)
- security.netapp.com/advisory/ntap-20220429-0005/ (mitre)