GHSA-77rm-9x9h-xj3g

Suggest an improvement
Source
https://github.com/advisories/GHSA-77rm-9x9h-xj3g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-77rm-9x9h-xj3g/GHSA-77rm-9x9h-xj3g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-77rm-9x9h-xj3g
Aliases
Related
Published
2022-01-27T00:01:15Z
Modified
2024-10-22T05:28:58.693092Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
NULL Pointer Dereference in Protocol Buffers
Details

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

Database specific
{
    "nvd_published_at": "2022-01-26T14:15:00Z",
    "cwe_ids": [
        "CWE-476"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-03T22:48:51Z"
}
References

Affected packages

NuGet / Google.Protobuf

Package

Name
Google.Protobuf
View open source insights on deps.dev
Purl
pkg:nuget/Google.Protobuf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.15.0

Affected versions

0.*

0.0.1-test1

3.*

3.0.0-alpha4
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0
3.1.0
3.2.0-rc1
3.2.0-rc2
3.2.0
3.3.0
3.4.0
3.4.1
3.5.0
3.5.1
3.6.0
3.6.1
3.7.0
3.8.0
3.9.0-rc1
3.9.0
3.9.1
3.9.2
3.10.0-rc1
3.10.0
3.10.1
3.11.0-rc1
3.11.0-rc2
3.11.1
3.11.2
3.11.3
3.11.4
3.12.0-rc1
3.12.0-rc2
3.12.0
3.12.1
3.12.2
3.12.3
3.12.4
3.13.0-rc3
3.13.0
3.14.0-rc1
3.14.0-rc2
3.14.0-rc3
3.14.0
3.15.0-rc1
3.15.0-rc2

Packagist / google/protobuf

Package

Name
google/protobuf
Purl
pkg:composer/google/protobuf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.15.0

Affected versions

v3.*

v3.1.0-alpha-1
v3.2.0-alpha-1
v3.3.0rc1
v3.3.0
v3.3.1
v3.3.2
v3.4.0rc1
v3.4.0rc2
v3.4.0rc3
v3.4.0
v3.4.1
v3.5.0
v3.5.0.1
v3.5.1
v3.5.1.1
v3.5.2
v3.6.0rc1
v3.6.0rc2
v3.6.0
v3.6.0.1
v3.6.1
v3.6.1.1
v3.6.1.2
v3.6.1.3
v3.7.0rc1
v3.7.0rc2
v3.7.0-rc.3
v3.7.0
v3.7.1
v3.8.0RC1
v3.8.0
v3.9.0RC1
v3.9.0
v3.9.1
v3.9.2
v3.10.0RC1
v3.10.0
v3.11.0RC1
v3.11.0RC2
v3.11.0
v3.11.1
v3.11.2
v3.11.3
v3.11.4
v3.12.0RC1
v3.12.0RC2
v3.12.0
v3.12.1
v3.12.2
v3.12.4
v3.13.0RC3
v3.13.0
v3.13.0.1
v3.14.0RC1
v3.14.0RC2
v3.14.0RC3
v3.14.0
v3.15.0RC1
v3.15.0RC2

Maven / com.google.protobuf:protobuf-java

Package

Name
com.google.protobuf:protobuf-java
View open source insights on deps.dev
Purl
pkg:maven/com.google.protobuf/protobuf-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.15.0

Affected versions

2.*

2.0.1
2.0.3
2.1.0
2.2.0
2.3.0
2.4.0a
2.4.1
2.5.0
2.6.0
2.6.1

3.*

3.0.0-alpha-2
3.0.0-alpha-3
3.0.0-alpha-3.1
3.0.0-beta-1
3.0.0-beta-2
3.0.0-beta-3
3.0.0-beta-4
3.0.0
3.0.2
3.1.0
3.2.0rc2
3.2.0-rc.1
3.2.0
3.3.0
3.3.1
3.4.0
3.5.0
3.5.1
3.6.0
3.6.1
3.7.0-rc1
3.7.0
3.7.1
3.8.0-rc-1
3.8.0
3.9.0-rc-1
3.9.0
3.9.1
3.9.2
3.10.0-rc-1
3.10.0
3.11.0-rc-1
3.11.0-rc-2
3.11.0
3.11.1
3.11.3
3.11.4
3.12.0-rc-1
3.12.0-rc-2
3.12.0
3.12.1
3.12.2
3.12.4
3.13.0-rc-3
3.13.0
3.14.0-rc-1
3.14.0-rc-2
3.14.0-rc-3
3.14.0
3.15.0-rc-1
3.15.0-rc-2

Go / github.com/protocolbuffers/protobuf

Package

Name
github.com/protocolbuffers/protobuf
View open source insights on deps.dev
Purl
pkg:golang/github.com/protocolbuffers/protobuf

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.15.0

PyPI / protobuf

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.15.0

Affected versions

2.*

2.0.0beta
2.0.3
2.3.0
2.4.1
2.5.0
2.6.0
2.6.1

3.*

3.0.0a2
3.0.0a3
3.0.0b1
3.0.0b1.post1
3.0.0b1.post2
3.0.0b2
3.0.0b2.post1
3.0.0b2.post2
3.0.0b3
3.0.0b4
3.0.0
3.1.0
3.1.0.post1
3.2.0rc1
3.2.0rc1.post1
3.2.0rc2
3.2.0
3.3.0
3.4.0
3.5.0.post1
3.5.1
3.5.2
3.5.2.post1
3.6.0
3.6.1
3.7.0rc2
3.7.0rc3
3.7.0
3.7.1
3.8.0rc1
3.8.0
3.9.0rc1
3.9.0
3.9.1
3.9.2
3.10.0rc1
3.10.0
3.11.0rc1
3.11.0rc2
3.11.0
3.11.1
3.11.2
3.11.3
3.12.0rc1
3.12.0rc2
3.12.0
3.12.1
3.12.2
3.12.4
3.13.0rc3
3.13.0
3.14.0rc1
3.14.0rc2
3.14.0rc3
3.14.0
3.15.0rc1
3.15.0rc2