Cyber Resilience

CVE-2021-22570

Medium

Published: 26 January 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0014 (33.6th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-22570 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Debian Linux. Its CVSS base score is 6.5 (Medium).

Operationally, it is ranked at the 33.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

google / protobuf: ≤ 3.15.0
debian / debian linux: 10.0, 11.0, 9.0
fedoraproject / fedora: 34, 35, 36
oracle / mysql: ≤ 8.0.28
netapp / active iq unified manager: all versions
netapp / oncommand insight: all versions
netapp / oncommand workflow automation: all versions
netapp / snapcenter: all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References