CVE-2021-22570

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22570

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22570.json

Aliases

Related

Published

2022-01-26T14:15:08Z

Modified

2023-11-29T08:34:22.695004Z

Details

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

References

Affected packages

Git / github.com/google/protobuf

Affected ranges

Type: GIT
Repo: https://github.com/google/protobuf
Events: Introduced

0The exact introduced commit is unknown

Fixed

ae50d9b9902526efd6c7a1907d09739f959c6297

Type: GIT
Repo: https://github.com/protocolbuffers/protobuf
Events: Introduced

0The exact introduced commit is unknown

Fixed

ae50d9b9902526efd6c7a1907d09739f959c6297

Affected versions

3.*

3.15.0-rc1

Other

conformance-build-tag

v2.*

v2.4.1

v2.5.0

v2.6.0

v2.6.1

v2.6.1rc1

v3.*

v3.0.0

v3.0.0-alpha-1

v3.0.0-alpha-2

v3.0.0-alpha-3

v3.0.0-alpha-4

v3.0.0-beta-1

v3.0.0-beta-1-bzl-fix

v3.0.0-beta-2

v3.0.0-beta-3

v3.0.0-beta-3-pre-1

v3.0.0-beta-4

v3.0.2

v3.1.0

v3.1.0-alpha-1

v3.10.0

v3.10.0-rc1

v3.11.0

v3.11.0-rc1

v3.11.0-rc2

v3.11.1

v3.11.2

v3.11.3

v3.11.4

v3.12.0

v3.12.0-rc1

v3.12.0-rc2

v3.12.1

v3.12.2

v3.12.3

v3.13.0

v3.13.0-rc3

v3.13.0.1

v3.14.0

v3.14.0-rc1

v3.14.0-rc2

v3.14.0-rc3

v3.15.0-rc1

v3.15.0-rc2

v3.3.0

v3.3.0rc1

v3.3.1

v3.3.2

v3.4.0

v3.4.0rc1

v3.4.0rc2

v3.4.0rc3

v3.4.1

v3.5.0

v3.5.0.1

v3.5.1

v3.5.2

v3.6.0

v3.6.0.1

v3.6.0rc1

v3.6.0rc2

v3.6.1

v3.7.0

v3.7.0-rc.2

v3.7.0-rc.3

v3.7.0rc1

v3.7.0rc2

v3.7.1

v3.8.0

v3.8.0-rc1

v3.9.0-rc1