VulnerableCode Vulnerability Details - VCID-6ndz-zud6-vye5

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-6ndz-zud6-vye5

Essentials
Severities (2)
References (18)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6ndz-zud6-vye5
Aliases	CVE-2021-22570 GHSA-77rm-9x9h-xj3g PYSEC-2022-48
Summary	Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-476	NULL Pointer Dereference
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2021-22570
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-77rm-9x9h-xj3g

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2021-22570
		https://github.com/advisories/GHSA-77rm-9x9h-xj3g
		https://github.com/protocolbuffers/protobuf
		https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
		https://github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2022-48.yaml
		https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP
		https://security.netapp.com/advisory/ntap-20220429-0005
		https://www.oracle.com/security-alerts/cpuapr2022.html
CVE-2021-22570		https://nvd.nist.gov/vuln/detail/CVE-2021-22570

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.33504
EPSS Score	0.00138
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T20:29:19.346532+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/protobuf/PYSEC-2022-48.yaml	38.6.0