{"schema_version":"1.7.2","id":"OESA-2022-2106","modified":"2022-11-18T11:04:38Z","published":"2022-11-18T11:04:38Z","upstream":["CVE-2021-22570"],"summary":"protobuf security update","details":"Protocol Buffers (a.k.a., protobuf) are Google\u0026apos;s language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can find protobuf\u0026apos;s documentation on the Google Developers site.\r\n\r\nSecurity Fix(es):\r\n\r\nNullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file\u0026apos;s name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.(CVE-2021-22570)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"protobuf","purl":"pkg:rpm/openEuler/protobuf\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.14.0-6.oe1"}]}],"ecosystem_specific":{"aarch64":["protobuf-devel-3.14.0-6.oe1.aarch64.rpm","protobuf-lite-3.14.0-6.oe1.aarch64.rpm","protobuf-3.14.0-6.oe1.aarch64.rpm","protobuf-lite-devel-3.14.0-6.oe1.aarch64.rpm","protobuf-debugsource-3.14.0-6.oe1.aarch64.rpm","protobuf-debuginfo-3.14.0-6.oe1.aarch64.rpm","protobuf-compiler-3.14.0-6.oe1.aarch64.rpm"],"noarch":["protobuf-bom-3.14.0-6.oe1.noarch.rpm","protobuf-javalite-3.14.0-6.oe1.noarch.rpm","protobuf-javadoc-3.14.0-6.oe1.noarch.rpm","protobuf-java-util-3.14.0-6.oe1.noarch.rpm","python3-protobuf-3.14.0-6.oe1.noarch.rpm","protobuf-java-3.14.0-6.oe1.noarch.rpm","protobuf-parent-3.14.0-6.oe1.noarch.rpm"],"src":["protobuf-3.14.0-6.oe1.src.rpm"],"x86_64":["protobuf-lite-devel-3.14.0-6.oe1.x86_64.rpm","protobuf-debuginfo-3.14.0-6.oe1.x86_64.rpm","protobuf-compiler-3.14.0-6.oe1.x86_64.rpm","protobuf-3.14.0-6.oe1.x86_64.rpm","protobuf-devel-3.14.0-6.oe1.x86_64.rpm","protobuf-debugsource-3.14.0-6.oe1.x86_64.rpm","protobuf-lite-3.14.0-6.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2106"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22570"}],"database_specific":{"severity":"High"}}