PYSEC-2022-48

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/protobuf/PYSEC-2022-48.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2022-48
Aliases
Published
2022-01-26T14:15:00Z
Modified
2024-10-22T05:28:58.693092Z
Summary
[none]
Details

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

References

Affected packages

PyPI / protobuf

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.15.0

Affected versions

2.*

2.0.0beta
2.0.3
2.3.0
2.4.1
2.5.0
2.6.0
2.6.1

3.*

3.0.0a2
3.0.0a3
3.0.0b1
3.0.0b1.post1
3.0.0b1.post2
3.0.0b2
3.0.0b2.post1
3.0.0b2.post2
3.0.0b3
3.0.0b4
3.0.0
3.1.0
3.1.0.post1
3.2.0rc1
3.2.0rc1.post1
3.2.0rc2
3.2.0
3.3.0
3.4.0
3.5.0.post1
3.5.1
3.5.2
3.5.2.post1
3.6.0
3.6.1
3.7.0rc2
3.7.0rc3
3.7.0
3.7.1
3.8.0rc1
3.8.0
3.9.0rc1
3.9.0
3.9.1
3.9.2
3.10.0rc1
3.10.0
3.11.0rc1
3.11.0rc2
3.11.0
3.11.1
3.11.2
3.11.3
3.12.0rc1
3.12.0rc2
3.12.0
3.12.1
3.12.2
3.12.4
3.13.0rc3
3.13.0
3.14.0rc1
3.14.0rc2
3.14.0rc3
3.14.0
3.15.0rc1
3.15.0rc2