Bug 2049429 (CVE-2021-22570)
| Summary: | CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vipul Nair <vinair> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adrian, areber, bbennett, bdettelb, bmontgom, code, dbecker, eparis, jburrell, jjoyce, jokerman, jschluet, kde-sig, kevin, lhh, lpeer, mail, manisandro, mburns, mizdebsk, nicolas.mailhot, nstielau, orion, rdieter, sander, sclewis, shamardin, slinaber, sponnaga, spotrh, tpopela, yaneti |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | protobuf 3.15.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute unauthorized code or commands, read memory, modify memory.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-12-10 00:33:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2050493, 2050492, 2050494, 2050495, 2050496, 2053740, 2053741, 2055641, 2055642, 2055643, 2055644, 2055645, 2055646, 2055647, 2055648, 2055649, 2064043, 2064044, 2064045 | ||
| Bug Blocks: | 2049422 | ||
|
Description
Vipul Nair
2022-02-02 09:20:17 UTC
Created protobuf tracking bugs for this issue: Affects: fedora-all [bug 2050492] Affects: openstack-rdo [bug 2050493] Created mingw-protobuf tracking bugs for this issue: Affects: fedora-all [bug 2050496] Created cascadia-code-fonts tracking bugs for this issue: Affects: fedora-all [bug 2055643] Created chromium tracking bugs for this issue: Affects: epel-all [bug 2055642] Affects: fedora-all [bug 2055644] Created pychromecast tracking bugs for this issue: Affects: fedora-all [bug 2055645] Created python-aioesphomeapi tracking bugs for this issue: Affects: fedora-all [bug 2055646] Created qt5-qtwebengine tracking bugs for this issue: Affects: fedora-all [bug 2055647] Created sorkintype-merriweather-fonts tracking bugs for this issue: Affects: fedora-all [bug 2055648] Created sorkintype-merriweather-sans-fonts tracking bugs for this issue: Affects: fedora-all [bug 2055649] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7464 https://access.redhat.com/errata/RHSA-2022:7464 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7970 https://access.redhat.com/errata/RHSA-2022:7970 This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:8847 https://access.redhat.com/errata/RHSA-2022:8847 This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2022:8860 https://access.redhat.com/errata/RHSA-2022:8860 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-22570 |