PT-2021-7858 · Google · Protocol Buffers

Published: 2021-02-19 · Updated: 2026-05-18 · CVE-2021-22570

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Protocol Buffers versions prior to 3.15.0
MySQL Server versions 8.0.28 and earlier

Description

A nullptr dereference occurs when a null char is present in a proto symbol, leading to an unchecked call into the proto file's name during generation of the resulting error message. The symbol is parsed incorrectly, resulting in the file being nullptr. This issue can be exploited to cause a denial of service, allowing an attacker to compromise the MySQL Server.

Recommendations

For Protocol Buffers versions prior to 3.15.0, upgrade to version 3.15.0 or greater.
For MySQL Server versions 8.0.28 and earlier, upgrade to a version later than 8.0.28.

Fix

DoS

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALSA-2022:7464
ALSA-2022:7970
ALT-PU-2021-2250
ALT-PU-2022-2156
ALT-PU-2022-2171
ALT-PU-2023-1912
AZL-9830
BDU:2023-03824
CESA-2022_7464
CLEANSTART-2026-JU62349
CLEANSTART-2026-SQ91016
CLEANSTART-2026-SV95049
CLEANSTART-2026-WK99982
CVE-2021-22570
DLA-3393-1
GHSA-77RM-9X9H-XJ3G
INFSA-2022_7970
OESA-2022-2106
OESA-2024-2071
OPENSUSE-SU-2022:0823-1
OPENSUSE-SU-2022:1040-1
OPENSUSE-SU-2022_0823-1
OPENSUSE-SU-2022_1040-1
PYSEC-2022-48
RHSA-2022:7464
RHSA-2022:7970
RHSA-2022:8847
RHSA-2022:8860
RHSA-2022_7464
RHSA-2022_7970
RHSA-2024:3433
RLSA-2022:7464
RLSA-2022:7970
SUSE-SU-2022:1040-1
SUSE-SU-2022:1040-2
SUSE-SU-2022:1040-3
SUSE-SU-2022_1040-1
SUSE-SU-2022_1040-3
SUSE-SU-2023:2783-1
SUSE-SU-2023:2783-2
USN-5490-1
USN-5945-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
MySQL Server
Protocol Buffers
Red Hat
Rocky Linux
SUSE
Ubuntu