{"id":"CVE-2021-40540","details":"ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info-\u003erequest NULL check for certain malformed HTTP requests.","modified":"2026-04-11T18:45:21.370669Z","published":"2021-09-07T02:15:07.130Z","related":["openSUSE-SU-2024:11481-1"],"references":[{"type":"FIX","url":"https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa"},{"type":"FIX","url":"https://github.com/babelouest/ulfius/compare/v2.7.3...v2.7.4"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/164152/Ulfius-Web-Framework-Remote-Memory-Corruption.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/babelouest/ulfius","events":[{"introduced":"0"},{"fixed":"845a5f471b0f2d2578b0997f531e503d31fda2ae"},{"fixed":"c83f564c184a27145e07c274b305cabe943bbfaa"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.7.4"}]}}],"versions":["1.0","1.0.1","1.0.2","1.0.3","1.0.4","2.0.0","2.0.1","2.0.2","2.1.0","2.1.1","2.1.2","v2.2","v2.2.1","v2.2.2","v2.2.3","v2.2.4","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.4.4","v2.5.0","v2.5.1","v2.5.2","v2.5.3","v2.6.0","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.6.6","v2.6.7","v2.6.8","v2.6.9","v2.7.0","v2.7.1","v2.7.2","v2.7.3"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa","signature_version":"v1","target":{"file":"src/ulfius.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["297567611621060874128805451638492924159","175341348358407759988233144649282649022","289842132033456773176112105159184381840","171975692886947888845446663329770953033","138229576868303095154679654836145744722","34332822542360216022116311781000219236","1810167984959200845682359592542716905","61957793805236300457029348739057662694","125966296531425933799126504982126192935","252866912497736304268107974036746873348","26301571123500956132776006507637183146"]},"deprecated":false,"id":"CVE-2021-40540-539cd306"},{"source":"https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa","signature_version":"v1","target":{"file":"src/ulfius.c","function":"ulfius_uri_logger"},"signature_type":"Function","digest":{"length":1255,"function_hash":"195028955909910763223043519064620928002"},"deprecated":false,"id":"CVE-2021-40540-6eff114a"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40540.json","vanir_signatures_modified":"2026-04-11T18:45:21Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}