Add CVE-2021-22570/protobuf

author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-27 08:49:38 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-27 08:49:38 +0100
commit: 4ffe33e2a6b58e83326e32da9bd78c0efc72f0a8 (patch)
tree: d7b4f073cb9c8ccffbefaf89c46f718687087b24
parent: c1f4edc515fd49c00a145263cb4a025b0da1306c (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 0f41ca5d6e..c824f23dd3 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -58585,7 +58585,10 @@ CVE-2021-22572
 CVE-2021-22571
 	RESERVED
 CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
-	TODO: check
+	[experimental] - protobuf 3.17.1-1
+	- protobuf <unfixed>
+	NOTE: Fixed upstream in v3.15.0: https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
+	TODO: check details
 CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...)
 	[experimental] - protobuf 3.19.3-1
 	- protobuf <unfixed>
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-27 08:49:38 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-27 08:49:38 +0100
commit	4ffe33e2a6b58e83326e32da9bd78c0efc72f0a8 (patch)
tree	d7b4f073cb9c8ccffbefaf89c46f718687087b24
parent	c1f4edc515fd49c00a145263cb4a025b0da1306c (diff)