All errata/sisyphus/ALT-PU-2021-2250-3
ALT-PU-2021-2250-3

Package update protobuf in branch sisyphus

Version3.16.0-alt1
Task#278642
Published2026-02-05
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2023-03824
MEDIUM5.5

Уязвимость протокола сериализации данных Protobuf, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-07-20Modified: 2026-01-20
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C
References
CVE-2021-22570
MEDIUM5.5

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

Published: 2022-01-26Modified: 2024-11-21
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References