CVE-2021-22570

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2021-22570
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-01-26 14:15:00 UTC
Updated2023-11-07 03:30:00 UTC
DescriptionNullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 11.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Fedoraproject Fedora 34 All All All
Operating System Fedoraproject Fedora 35 All All All
Operating System Fedoraproject Fedora 36 All All All
Application Google Protobuf All All All All
Application Netapp Active Iq Unified Manager - All All All
Application Netapp Active Iq Unified Manager - All All All
Application Netapp Oncommand Insight - All All All
Application Netapp Oncommand Workflow Automation - All All All
Application Netapp Snapcenter - All All All
Application Oracle Mysql All All All All

References

ReferenceSourceLinkTags
[SECURITY] Fedora 35 Update: chromium-99.0.4844.51-1.fc35 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 34 Update: mingw-protobuf-3.14.0-4.fc34 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 35 Update: chromium-99.0.4844.51-1.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 35 Update: protobuf-3.14.0-7.fc35 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Oracle Critical Patch Update Advisory - April 2022 MISC www.oracle.com
[SECURITY] Fedora 35 Update: protobuf-3.14.0-7.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 34 Update: mingw-protobuf-3.14.0-4.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 34 Update: chromium-99.0.4844.51-1.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] [DLA 3393-1] protobuf security update MLIST lists.debian.org
[SECURITY] Fedora 34 Update: protobuf-3.14.0-7.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 36 Update: chromium-99.0.4844.51-1.fc36 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 34 Update: protobuf-3.14.0-7.fc34 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 35 Update: mingw-protobuf-3.14.0-4.fc35 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 36 Update: chromium-99.0.4844.51-1.fc36 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Release Protocol Buffers v3.15.0 · protocolbuffers/protobuf · GitHub CONFIRM github.com
[SECURITY] Fedora 35 Update: mingw-protobuf-3.14.0-4.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
April 2022 MySQL Server Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
[SECURITY] Fedora 34 Update: chromium-99.0.4844.51-1.fc34 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 160224 Oracle Enterprise Linux Security Update for protobuf (ELSA-2022-7464)
  • 160267 Oracle Enterprise Linux Security Update for protobuf (ELSA-2022-7970)
  • 181741 Debian Security Update for protobuf (DLA 3393-1)
  • 184001 Debian Security Update for protobuf (CVE-2021-22570)
  • 199233 Ubuntu Security Notification for Protocol Buffers Vulnerabilities (USN-5945-1)
  • 20256 Oracle MySQL April 2022 Critical Patch Update (CPUAPR2022)
  • 240813 Red Hat Update for protobuf (RHSA-2022:7464)
  • 240886 Red Hat Update for protobuf (RHSA-2022:7970)
  • 240975 Red Hat Update for OpenStack Platform 16.1.9 (RHSA-2022:8860)
  • 240986 Red Hat Update for OpenStack Platform 16.2.4 (RHSA-2022:8847)
  • 282391 Fedora Security Update for protobuf (FEDORA-2022-ffe4a1cedd)
  • 282446 Fedora Security Update for protobuf (FEDORA-2022-2d3e6eb9e4)
  • 282464 Fedora Security Update for mingw (FEDORA-2022-486d5f349d)
  • 282465 Fedora Security Update for mingw (FEDORA-2022-fedff53e4e)
  • 282470 Fedora Security Update for chromium (FEDORA-2022-d1a15f9cdb)
  • 282480 Fedora Security Update for chromium (FEDORA-2022-49b52819a4)
  • 354330 Amazon Linux Security Advisory for protobuf : ALAS2022-2022-098
  • 354462 Amazon Linux Security Advisory for protobuf : ALAS2022-2022-165
  • 354721 Amazon Linux Security Advisory for protobuf : ALAS-2023-1676
  • 354729 Amazon Linux Security Advisory for protobuf : ALAS2-2023-1931
  • 354772 Amazon Linux Security Advisory for protobuf : ALAS2-2023-1948
  • 355275 Amazon Linux Security Advisory for protobuf : ALAS2023-2023-009
  • 379050 Splunk Enterprise Multiple Vulnerabilities (SVD-2023-1104,SVD-2023-1105)
  • 671736 EulerOS Security Update for protobuf (EulerOS-SA-2022-1814)
  • 671743 EulerOS Security Update for protobuf (EulerOS-SA-2022-1797)
  • 671780 EulerOS Security Update for protobuf (EulerOS-SA-2022-1851)
  • 671792 EulerOS Security Update for protobuf (EulerOS-SA-2022-1875)
  • 672024 EulerOS Security Update for protobuf (EulerOS-SA-2022-2232)
  • 672075 EulerOS Security Update for protobuf (EulerOS-SA-2022-2279)
  • 751872 OpenSUSE Security Update for protobuf (openSUSE-SU-2022:0823-1)
  • 751955 OpenSUSE Security Update for protobuf (openSUSE-SU-2022:1040-1)
  • 751984 SUSE Enterprise Linux Security Update for protobuf (SUSE-SU-2022:1040-1)
  • 752664 SUSE Enterprise Linux Security Update for protobuf (SUSE-SU-2022:1040-3)
  • 754157 SUSE Enterprise Linux Security Update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt (SUSE-SU-2023:2783-1)
  • 754878 SUSE Enterprise Linux Security Update for grpc, protobuf, python-DEPRECATED, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt (SUSE-SU-2023:2783-2)
  • 900627 Common Base Linux Mariner (CBL-Mariner) Security Update for protobuf (8349)
  • 902067 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (9830)
  • 902376 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (9830-1)
  • 940751 AlmaLinux Security Update for protobuf (ALSA-2022:7464)
  • 940830 AlmaLinux Security Update for protobuf (ALSA-2022:7970)
  • 960304 Rocky Linux Security Update for protobuf (RLSA-2022:7464)
  • 960471 Rocky Linux Security Update for protobuf (RLSA-2022:7970)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report