CVE-2021-22570

CVSS v3.1 5.5 (Medium)

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (17^th)

Affected Products 8

Advisories 30

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: Google Inc.
Published Date: 2022-01-26 14:15:08
(2 years ago)
Updated Date: 2023-11-07 03:30:21
(10 months ago)

Affected Products

Netapp

Oracle

Mysql

Configuration #1

		CPE23	From	Up To
	Google Protobuf prior 3.15.0 version	cpe:2.3:a:google:protobuf		< 3.15.0

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Debian Linux 11.0	cpe:2.3:o:debian:debian_linux:11.0

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34
	Fedoraproject Fedora 35	cpe:2.3:o:fedoraproject:fedora:35
	Fedoraproject Fedora 36	cpe:2.3:o:fedoraproject:fedora:36

Configuration #4

		CPE23	From	Up To
	Oracle Mysql 8.0.28 and prior versions	cpe:2.3:a:oracle:mysql		<= 8.0.28

Configuration #5

		CPE23	From	Up To
	Netapp Active Iq Unified Manager for Vmware Vsphere	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere
	Netapp Active Iq Unified Manager for Windows	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows
	Netapp Oncommand Insight	cpe:2.3:a:netapp:oncommand_insight:-
	Netapp Oncommand Workflow Automation	cpe:2.3:a:netapp:oncommand_workflow_automation:-
	Netapp Snapcenter	cpe:2.3:a:netapp:snapcenter:-

Weaknesses

Affected Products

Debian

Fedoraproject

Google