CVE-2021-22570:
NULL Pointer Dereference in Protocol Buffers
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.37047%
CWE
Published
1/27/2022
Updated
10/21/2024
KEV Status
No
Technology
C#
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
Google.Protobuf | nuget | < 3.15.0 | 3.15.0 |
google/protobuf | composer | < 3.15.0 | 3.15.0 |
github.com/protocolbuffers/protobuf | go | < 3.15.0 | 3.15.0 |
protobuf | pip | < 3.15.0 | 3.15.0 |
com.google.protobuf:protobuf-java | maven | < 3.15.0 | 3.15.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper null checks when handling proto symbols containing null characters. The error message generation path (LogError
) accesses the file descriptor's name without validating the descriptor's validity after parsing corrupted symbols. The symbol resolution logic (FindFileByName
) may return a null file descriptor when parsing fails, which is then used unsafely. These functions are core to the descriptor parsing and error reporting mechanism, aligning with the CVE description of nullptr dereference during error message generation.