Bug 1195258 - (CVE-2021-22570) VUL-0: CVE-2021-22570: protobuf: Nullptr dereference when a null char is present in a proto symbol
(CVE-2021-22570)
VUL-0: CVE-2021-22570: protobuf: Nullptr dereference when a null char is pres...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P2 - High : Normal
: ---
Assigned To: Max Lin
Security Team bot
https://smash.suse.de/issue/321783/
CVSSv3.1:SUSE:CVE-2021-22570:5.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-01-28 09:15 UTC by Carlos López
Modified: 2022-04-19 22:35 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-01-28 09:15:57 UTC
CVE-2021-22570

Nullptr dereference when a null char is present in a proto symbol. The symbol is
parsed incorrectly, leading to an unchecked call into the proto file's name
during generation of the resulting error message. Since the symbol is
incorrectly parsed, the file is nullptr. We recommend upgrading to version
3.15.0 or greater.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22570
https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
Comment 1 Carlos López 2022-01-28 09:20:59 UTC
There is not a lot of information about the bug, but going through the commit history, it seems that the fix is included in the changes to src/google/protobuf/descriptor.cc in:
https://github.com/protocolbuffers/protobuf/commit/af95001202a035d78ff997e737bd67fca22ab32a

Based on that, the affected codestreams are:
 - SUSE:SLE-15:Update
 - SUSE:SLE-15-SP2:Update
 - openSUSE:Backports:SLE-12-SP2:Update

The fix was included in release 3.15.0, so openSUSE:Factory is not affected.
Comment 2 Max Lin 2022-02-21 07:40:55 UTC
I only just have one commit according to protobuf changelog, I didn't notice I'm the internal protobuf maintainer... I can submit the latest version that should fix this issue, is it ok for you?
Comment 3 Gianluca Gabrielli 2022-02-21 09:14:44 UTC
Hi Max, same as bsc#1194530#c4 [0].

[0] https://bugzilla.suse.com/show_bug.cgi?id=1194530#c4
Comment 5 Max Lin 2022-03-11 14:08:18 UTC
MR#267360 for SUSE:SLE-15-SP2:Update
MR#267361 for SUSE:SLE-15:Update
Comment 9 Swamp Workflow Management 2022-03-14 17:25:38 UTC
openSUSE-SU-2022:0823-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1195258
CVE References: CVE-2021-22570
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    protobuf-3.5.0-5.5.1
openSUSE Leap 15.3 (src):    protobuf-3.5.0-5.5.1
Comment 10 Swamp Workflow Management 2022-03-30 13:27:37 UTC
openSUSE-SU-2022:1040-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1195258
CVE References: CVE-2021-22570
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    protobuf-3.9.2-4.12.1
openSUSE Leap 15.3 (src):    protobuf-3.9.2-4.12.1
Comment 11 Swamp Workflow Management 2022-03-30 13:28:39 UTC
SUSE-SU-2022:1040-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1195258
CVE References: CVE-2021-22570
JIRA References: 
Sources used:
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Micro 5.1 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Micro 5.0 (src):    protobuf-3.9.2-4.12.1
SUSE Linux Enterprise Installer 15-SP2 (src):    protobuf-3.9.2-4.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-04-19 22:35:15 UTC
SUSE-SU-2022:1040-2: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1195258
CVE References: CVE-2021-22570
JIRA References: 
Sources used:
SUSE Linux Enterprise Micro 5.2 (src):    protobuf-3.9.2-4.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.