Miggo Logo

CVE-2021-22570:
NULL Pointer Dereference in Protocol Buffers

7.5

CVSS Score
3.1

Basic Information

EPSS Score
0.37047%
Published
1/27/2022
Updated
10/21/2024
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Google.Protobufnuget< 3.15.03.15.0
google/protobufcomposer< 3.15.03.15.0
github.com/protocolbuffers/protobufgo< 3.15.03.15.0
protobufpip< 3.15.03.15.0
com.google.protobuf:protobuf-javamaven< 3.15.03.15.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper null checks when handling proto symbols containing null characters. The error message generation path (LogError) accesses the file descriptor's name without validating the descriptor's validity after parsing corrupted symbols. The symbol resolution logic (FindFileByName) may return a null file descriptor when parsing fails, which is then used unsafely. These functions are core to the descriptor parsing and error reporting mechanism, aligning with the CVE description of nullptr dereference during error message generation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Nullptr **r***r*n** w**n * null ***r is pr*s*nt in * proto sym*ol. T** sym*ol is p*rs** in*orr**tly, l***in* to *n un****k** **ll into t** proto *il*'s n*m* *urin* **n*r*tion o* t** r*sultin* *rror m*ss***. Sin** t** sym*ol is in*orr**tly p*rs**, t**

Reasoning

T** vuln*r**ility st*ms *rom improp*r null ****ks w**n **n*lin* proto sym*ols *ont*inin* null ***r**t*rs. T** *rror m*ss*** **n*r*tion p*t* (`Lo**rror`) ****ss*s t** *il* **s*riptor's n*m* wit*out v*li**tin* t** **s*riptor's v*li*ity **t*r p*rsin* *o