Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/protocolbuffers/protobuf: CVE-2021-22570 #271

Closed
GoVulnBot opened this issue Feb 4, 2022 · 0 comments
Closed

x/vulndb: potential Go vuln in github.com/protocolbuffers/protobuf: CVE-2021-22570 #271

GoVulnBot opened this issue Feb 4, 2022 · 0 comments
Assignees
@neild
Labels
cve-year-2021 excluded: NOT_GO_CODE This vulnerability does not refer to a Go module.

Comments

@GoVulnBot
Copy link

In CVE-2021-22570, the reference URL github.com/protocolbuffers/protobuf (and possibly others) refers to something in Go.

module: github.com/protocolbuffers/protobuf
package: Protobuf
description: |
    Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
cves:
  - CVE-2021-22570
links:
    context:
      - https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0

See doc/triage.md for instructions on how to triage this report.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@neild neild

Labels
cve-year-2021 excluded: NOT_GO_CODE This vulnerability does not refer to a Go module.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@neild @FiloSottile @julieqiu @GoVulnBot