NULL Pointer Dereference in Protocol Buffers

Description

Null pointer dereference when a null character (0x00) is present in a proto symbol name. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name while the resulting error message is generated; because the symbol was parsed incorrectly, that file pointer is null. The outcome is a crash of the process parsing the proto, consistent with the CVSS vector below (availability impact only, no confidentiality or integrity impact). The recommended fix is to upgrade to version 3.15.0 or later.

Repository: OpenNMS/grpc-server (https://github.com/OpenNMS/grpc-server)
Dependabot: https://github.com/OpenNMS/grpc-server/security/dependabot/8
CVE: CVE-2021-22570
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GHSA: GHSA-77rm-9x9h-xj3g
Severity: high
Ecosystem: maven
Package Name: com.google.protobuf:protobuf-java
Vulnerable Version Range: < 3.15.0
First Patched Version: 3.15.0
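The following is an added example, not code from OpenNMS/grpc-server or from the protobuf project. It shows the check a practitioner would run before closing this alert: parse the output of mvn dependency:tree, find every com.google.protobuf:protobuf-java node including transitive copies pulled in through another library, and flag those below the first patched version 3.15.0, reporting the dependency path that brings each one in. The artifacts and versions in the embedded sample tree are constructed for illustration and do not describe the real project's dependency tree; the version ordering is a simplified form of Maven's (a qualified build such as 3.15.0-rc-1 sorts before the 3.15.0 release).

```python
"""Audit a Maven dependency tree for protobuf-java versions below the patched release.

Added example (not OpenNMS/grpc-server code): run `mvn dependency:tree` in the
project and feed its output to find_vulnerable(). SAMPLE_TREE below is
constructed for illustration and does not describe the real project's tree.
"""
import re
import sys
from typing import List, Tuple

TARGET = "com.google.protobuf:protobuf-java"   # coordinate named in the advisory
PATCHED = "3.15.0"                              # first patched version

# One line of `mvn dependency:tree` output: "[INFO] " + tree-drawing prefix +
# group:artifact:packaging[:classifier]:version[:scope].  Versions must start
# with a digit so a classifier such as linux-x86_64 is not taken for one.
COORD_RE = re.compile(
    r"^\[INFO\] (?P<tree>[-+|\\ ]*)"
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<pkg>\w+):"
    r"(?:(?P<classifier>[\w.\-]+):)?(?P<version>\d[\w.\-]*)(?::(?P<scope>\w+))?\s*$"
)


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Simplified Maven ordering: numeric major.minor.patch, then a qualified
    build (3.15.0-rc-1, 3.15.0-SNAPSHOT) sorts before the plain release."""
    m = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", version)
    if not m:
        raise ValueError(f"unparseable version: {version}")
    major, minor, patch, qualifier = m.groups()
    release_rank = 1 if qualifier == "" else 0
    return (int(major), int(minor or 0), int(patch or 0), release_rank)


def is_vulnerable(version: str) -> bool:
    """True when version is in the advisory's vulnerable range (< 3.15.0)."""
    return parse_version(version) < parse_version(PATCHED)


def find_vulnerable(tree_output: str) -> List[Tuple[str, str]]:
    """Return (version, dependency path) for every vulnerable protobuf-java node,
    including transitive ones pulled in through another direct dependency."""
    findings: List[Tuple[str, str]] = []
    path: List[str] = []   # coordinates from the root down to the current node
    for line in tree_output.splitlines():
        m = COORD_RE.match(line)
        if not m:
            continue   # plugin banner, separator and BUILD lines are skipped
        depth = len(m.group("tree")) // 3   # each tree column is 3 characters wide
        coord = f"{m.group('group')}:{m.group('artifact')}"
        version = m.group("version")
        del path[depth:]                    # climb back up to this node's parent
        path.append(f"{coord}:{version}")
        if coord == TARGET and is_vulnerable(version):
            findings.append((version, " -> ".join(path)))
    return findings


# Constructed sample output; the artifacts and versions are illustrative only.
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ app ---
[INFO] com.example:app:jar:1.0.0-SNAPSHOT
[INFO] +- io.grpc:grpc-protobuf:jar:1.36.0:compile
[INFO] |  +- com.google.protobuf:protobuf-java:jar:3.12.0:compile
[INFO] |  \\- com.google.api.grpc:proto-google-common-protos:jar:2.0.1:compile
[INFO] +- com.google.protobuf:protobuf-java-util:jar:3.12.0:compile
[INFO] +- io.netty:netty-tcnative-boringssl-static:jar:linux-x86_64:2.0.36.Final:runtime
[INFO] \\- com.example:tooling:jar:2.1.0:test
[INFO]    \\- com.google.protobuf:protobuf-java:jar:3.19.4:test
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
"""

if __name__ == "__main__":
    # Pipe real output in (mvn dependency:tree | python audit.py); with no
    # piped input the constructed sample is audited instead.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TREE
    hits = find_vulnerable(text)
    for version, chain in hits:
        print(f"{TARGET} {version} < {PATCHED}: {chain}")
    sys.exit(1 if hits else 0)
```

On the sample tree only the copy reached through io.grpc:grpc-protobuf is reported; the 3.19.4 copy in test scope is above the patched version and the protobuf-java-util artifact is a different coordinate. Because the vulnerable range is strictly below 3.15.0, a 3.15.0 pre-release is also flagged. The nonzero exit status makes the script usable as a CI gate; a transitive vulnerable copy is resolved either by upgrading the library that pulls it in or by pinning com.google.protobuf:protobuf-java to 3.15.0 or later in the project's dependencyManagement section.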

Acceptance / Success Criteria

None

Created August 7, 2023 at 8:42 PM
Updated August 7, 2023 at 8:42 PM