{"id":"CVE-2021-44108","details":"A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf.","modified":"2026-04-11T23:37:25.151766Z","published":"2022-04-05T02:15:06.927Z","references":[{"type":"REPORT","url":"https://github.com/open5gs/open5gs/issues/1247"},{"type":"FIX","url":"https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open5gs/open5gs","events":[{"introduced":"0"},{"last_affected":"7d9a651f6c533d72553bbd509c2b6ab5f348473a"},{"fixed":"d919b2744cd05abae043490f0a3dd1946c1ccb8c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.6"}]}}],"versions":["v0.1.0","v0.1.1","v0.2.0","v0.3.0","v0.3.1","v0.3.10","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.8","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v0.5.1","v0.5.2","v1.0.0","v1.1.0","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.3.0","v2.0.0","v2.0.18","v2.0.22","v2.1.0","v2.1.1","v2.1.3","v2.1.4","v2.1.5","v2.1.7","v2.2.0","v2.2.1","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.2","v2.3.6"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c","signature_version":"v1","target":{"file":"lib/sbi/message.c","function":"on_part_data_end"},"signature_type":"Function","digest":{"length":166,"function_hash":"265168881635058141984726655297913592837"},"deprecated":false,"id":"CVE-2021-44108-142493dc"},{"source":"https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c","signature_version":"v1","target":{"file":"lib/sbi/message.c","function":"parse_json"},"signature_type":"Function","digest":{"length":18952,"function_hash":"97810364713497158085761958166055326968"},"deprecated":false,"id":"CVE-2021-44108-1566769c"},{"source":"https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c","signature_version":"v1","target":{"file":"lib/sbi/message.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["211155455835691172467023582302704270396","202984380619186095688476102601712059254","246509116677229626878322322300421417179","216226514964130791800396536874327242323","51329687059748572177101123345637536805","100051631537392936087226498587569480845","327162153496899341036075850190004007182","287826065082588106949157822943112027020","101135758087174357440638197551368888751","243325182786820456439973912170044248892","115101556594082794880733356194138880832","35028432289571360052361528578246246331","122442241576050424227303720995149507037","213088560559786705318537437415964460275","77835373021827424245873272360479840293","37039628119963859442365045355872723878","188323268199394472358441378666614492647","25397677656221045884504274780574807537","96154137817902896227842723031428468297","51329687059748572177101123345637536805","228267307009894152026704033554404214017","28183914034678331905358003176164834481","213364657784096305631514754605929084371","45248185726400533511177873651054420105","106869158092904356641350586683593216408","173805281612604029470821475082319953251","129635175413626282541925761901992720283","256362930647778070258520486150711660859","302720531810699943940153896519599050442","24748890229040550990075480597243346122","148016629804704935498475802558488974647","153300113109123702288304727021680400525","179920204510728633848397763773749724522","32179714521927116257178562117091542118","326711785910522349573388115877898676706","241084346245759031137742579622897139909","83282367458609873291526517720185441628","205430955827364360030424837632289875055","283165612218159236376158582563731114449","333496874819161192664614037037594066268","81414730058721485092543905464345460089","10594147754622047050085714366965458081","262502511606822485960887496826951331773","27027854044106068833501368513318587965","174404116101265846738940068867874641328","317758880244576647292583481878264134084"]},"deprecated":false,"id":"CVE-2021-44108-1b64cad4"},{"source":"https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c","signature_version":"v1","target":{"file":"lib/sbi/message.c","function":"parse_multipart"},"signature_type":"Function","digest":{"length":2928,"function_hash":"305808229134485350992780331975579218335"},"deprecated":false,"id":"CVE-2021-44108-697fb8f8"},{"source":"https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c","signature_version":"v1","target":{"file":"lib/sbi/message.c","function":"on_header_value"},"signature_type":"Function","digest":{"length":907,"function_hash":"5912123752454717814858153375447012839"},"deprecated":false,"id":"CVE-2021-44108-6fcd9edc"},{"source":"https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c","signature_version":"v1","target":{"file":"src/amf/namf-handler.c","function":"amf_namf_comm_handle_n1_n2_message_transfer"},"signature_type":"Function","digest":{"length":7142,"function_hash":"70164347533169839093074607054435491202"},"deprecated":false,"id":"CVE-2021-44108-91a9f299"},{"source":"https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c","signature_version":"v1","target":{"file":"lib/sbi/message.c","function":"on_part_data"},"signature_type":"Function","digest":{"length":1628,"function_hash":"6182500070306176307099495699441318367"},"deprecated":false,"id":"CVE-2021-44108-92acbefc"},{"source":"https://github.com/open5gs/open5gs/commit/d919b2744cd05abae043490f0a3dd1946c1ccb8c","signature_version":"v1","target":{"file":"src/amf/namf-handler.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["108263616564742562627622266015065076966","229086717258621295482702744404220793023","152073594547019980039839738326989690117","11439323700249103820160303909430703416","334636363205304968230129530720585066367","237976613142751594794021962574789771201","88170200170295810322272003887490846628","19132230995719089373651944943262474245","324047201096102985618319868036435480257","273011026568090104060871648617029081642","17840798571934204621347435776142296254","113354946844946068082234372013946591122","237153993340490247585809349042906689773","116442998451227690791047758724156318182","136364441430003519251575790429690223183","95340847139220439220363879638828225485","120940606703136829810083494423364603865","322409457977794754351443244855518006924","44092784169310338902234058139315247735","42805397785869190469779711741137506332","323031126083932277494340130296945723809"]},"deprecated":false,"id":"CVE-2021-44108-fc89a7f9"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44108.json","vanir_signatures_modified":"2026-04-11T23:37:25Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}