Auto-merge PR#4223

2025-12-30 05:58:39 +00:00 · 2022-01-26 09:00:18 -05:00 · 2022-01-26 09:00:18 -05:00 · 028f38fec5
commit 028f38fec5
parent 028b7f9447 b9795111bd
1 changed files with 84 additions and 17 deletions
--- a/2021/22xxx/CVE-2021-22570.json
+++ b/2021/22xxx/CVE-2021-22570.json
@ -1,18 +1,85 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-22570",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+  "CVE_data_meta": {
+      "ASSIGNER": "security@google.com",
+      "ID": "CVE-2021-22570",
+      "STATE": "PUBLIC",
+      "TITLE": "Nullptr Dereference in Protobuf"
+  },
+  "affects": {
+      "vendor": {
+          "vendor_data": [
+              {
+                  "product": {
+                      "product_data": [
+                          {
+                              "product_name": "Protobuf",
+                              "version": {
+                                  "version_data": [
+                                      {
+                                          "version_affected": "<",
+                                          "version_value": "3.15.0"
+                                      }
+                                  ]
+                              }
+                          }
+                      ]
+                  },
+                  "vendor_name": "Google LLC"
+              }
+          ]
+      }
+  },
+  "data_format": "MITRE",
+  "data_type": "CVE",
+  "data_version": "4.0",
+  "description": {
+      "description_data": [
+          {
+              "lang": "eng",
+              "value": "Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater."
+          }
+      ]
+  },
+  "generator": {
+      "engine": "Vulnogram 0.0.9"
+  },
+  "impact": {
+      "cvss": {
+          "attackComplexity": "LOW",
+          "attackVector": "NETWORK",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "privilegesRequired": "LOW",
+          "scope": "UNCHANGED",
+          "userInteraction": "NONE",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "version": "3.1"
+      }
+  },
+  "problemtype": {
+      "problemtype_data": [
+          {
+              "description": [
+                  {
+                      "lang": "eng",
+                      "value": "CWE-476 NULL Pointer Dereference"
+                  }
+              ]
+          }
+      ]
+  },
+  "references": {
+      "reference_data": [
+          {
+              "refsource": "CONFIRM",
+              "url": "https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0"
+          }
+      ]
+  },
+  "source": {
+      "discovery": "INTERNAL"
+  }
+}