Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-22570

Опубликовано: 26 янв. 2022
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute unauthorized code or commands, read memory, modify memory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7protobufOut of support scope
Red Hat OpenShift Container Platform 4openshift4/ose-kuryr-cni-rhel8Will not fix
Red Hat OpenShift Container Platform 4openshift4/ose-kuryr-controller-rhel8Will not fix
Red Hat Quay 3quay/quay-rhel8Not affected
Red Hat Enterprise Linux 8protobufFixedRHSA-2022:746408.11.2022
Red Hat Enterprise Linux 8.6 Extended Update SupportprotobufFixedRHSA-2024:343328.05.2024
Red Hat Enterprise Linux 9protobufFixedRHSA-2022:797015.11.2022
Red Hat OpenStack Platform 16.1protobufFixedRHSA-2022:886007.12.2022
Red Hat OpenStack Platform 16.2protobufFixedRHSA-2022:884707.12.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2049429protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

EPSS

Процентиль: 36%
0.0015
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-22570

CVSS3: 6.5
ubuntu
около 4 лет назад

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

nvd логотип

CVE-2021-22570

CVSS3: 6.5
nvd
около 4 лет назад

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

msrc логотип

CVE-2021-22570

CVSS3: 5.5
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-22570

CVSS3: 6.5
debian
около 4 лет назад

Nullptr dereference when a null char is present in a proto symbol. The ...

suse-cvrf логотип

openSUSE-SU-2022:1040-1

suse-cvrf
почти 4 года назад

Security update for protobuf

EPSS

Процентиль: 36%
0.0015
Низкий

7.5 High

CVSS3