CVE-2021-44109

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-44109

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44109.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-44109

Published

2022-04-05T02:15:06Z

Modified

2025-10-15T13:27:37.610822Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request.

References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type: GIT
Repo: https://github.com/open5gs/open5gs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d919b2744cd05abae043490f0a3dd1946c1ccb8c

Affected versions

v0.*

v0.1.0

v0.1.1

v0.2.0

v0.3.0

v0.3.1

v0.3.10

v0.3.11

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v0.5.1

v0.5.2

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0

v2.*

v2.0.0

v2.0.18

v2.0.22

v2.1.0

v2.1.1

v2.1.3

v2.1.4

v2.1.5

v2.1.7

v2.2.0

v2.2.1

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.1

v2.3.2

v2.3.6

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "265168881635058141984726655297913592837",
            "length": 166.0
        },
        "signature_type": "Function",
        "target": {
            "function": "on_part_data_end",
            "file": "lib/sbi/message.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c",
        "id": "CVE-2021-44109-142493dc"
    },
    {
        "digest": {
            "function_hash": "97810364713497158085761958166055326968",
            "length": 18952.0
        },
        "signature_type": "Function",
        "target": {
            "function": "parse_json",
            "file": "lib/sbi/message.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c",
        "id": "CVE-2021-44109-1566769c"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "211155455835691172467023582302704270396",
                "202984380619186095688476102601712059254",
                "246509116677229626878322322300421417179",
                "216226514964130791800396536874327242323",
                "51329687059748572177101123345637536805",
                "100051631537392936087226498587569480845",
                "327162153496899341036075850190004007182",
                "287826065082588106949157822943112027020",
                "101135758087174357440638197551368888751",
                "243325182786820456439973912170044248892",
                "115101556594082794880733356194138880832",
                "35028432289571360052361528578246246331",
                "122442241576050424227303720995149507037",
                "213088560559786705318537437415964460275",
                "77835373021827424245873272360479840293",
                "37039628119963859442365045355872723878",
                "188323268199394472358441378666614492647",
                "25397677656221045884504274780574807537",
                "96154137817902896227842723031428468297",
                "51329687059748572177101123345637536805",
                "228267307009894152026704033554404214017",
                "28183914034678331905358003176164834481",
                "213364657784096305631514754605929084371",
                "45248185726400533511177873651054420105",
                "106869158092904356641350586683593216408",
                "173805281612604029470821475082319953251",
                "129635175413626282541925761901992720283",
                "256362930647778070258520486150711660859",
                "302720531810699943940153896519599050442",
                "24748890229040550990075480597243346122",
                "148016629804704935498475802558488974647",
                "153300113109123702288304727021680400525",
                "179920204510728633848397763773749724522",
                "32179714521927116257178562117091542118",
                "326711785910522349573388115877898676706",
                "241084346245759031137742579622897139909",
                "83282367458609873291526517720185441628",
                "205430955827364360030424837632289875055",
                "283165612218159236376158582563731114449",
                "333496874819161192664614037037594066268",
                "81414730058721485092543905464345460089",
                "10594147754622047050085714366965458081",
                "262502511606822485960887496826951331773",
                "27027854044106068833501368513318587965",
                "174404116101265846738940068867874641328",
                "317758880244576647292583481878264134084"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "lib/sbi/message.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c",
        "id": "CVE-2021-44109-1b64cad4"
    },
    {
        "digest": {
            "function_hash": "305808229134485350992780331975579218335",
            "length": 2928.0
        },
        "signature_type": "Function",
        "target": {
            "function": "parse_multipart",
            "file": "lib/sbi/message.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c",
        "id": "CVE-2021-44109-697fb8f8"
    },
    {
        "digest": {
            "function_hash": "5912123752454717814858153375447012839",
            "length": 907.0
        },
        "signature_type": "Function",
        "target": {
            "function": "on_header_value",
            "file": "lib/sbi/message.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c",
        "id": "CVE-2021-44109-6fcd9edc"
    },
    {
        "digest": {
            "function_hash": "70164347533169839093074607054435491202",
            "length": 7142.0
        },
        "signature_type": "Function",
        "target": {
            "function": "amf_namf_comm_handle_n1_n2_message_transfer",
            "file": "src/amf/namf-handler.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c",
        "id": "CVE-2021-44109-91a9f299"
    },
    {
        "digest": {
            "function_hash": "6182500070306176307099495699441318367",
            "length": 1628.0
        },
        "signature_type": "Function",
        "target": {
            "function": "on_part_data",
            "file": "lib/sbi/message.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c",
        "id": "CVE-2021-44109-92acbefc"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "108263616564742562627622266015065076966",
                "229086717258621295482702744404220793023",
                "152073594547019980039839738326989690117",
                "11439323700249103820160303909430703416",
                "334636363205304968230129530720585066367",
                "237976613142751594794021962574789771201",
                "88170200170295810322272003887490846628",
                "19132230995719089373651944943262474245",
                "324047201096102985618319868036435480257",
                "273011026568090104060871648617029081642",
                "17840798571934204621347435776142296254",
                "113354946844946068082234372013946591122",
                "237153993340490247585809349042906689773",
                "116442998451227690791047758724156318182",
                "136364441430003519251575790429690223183",
                "95340847139220439220363879638828225485",
                "120940606703136829810083494423364603865",
                "322409457977794754351443244855518006924",
                "44092784169310338902234058139315247735",
                "42805397785869190469779711741137506332",
                "323031126083932277494340130296945723809"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/amf/namf-handler.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c",
        "id": "CVE-2021-44109-fc89a7f9"
    }
]