{"id":"CVE-2021-45462","details":"In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.","modified":"2026-04-11T23:37:22.970801Z","published":"2021-12-23T04:15:09.573Z","references":[{"type":"WEB","url":"https://www.trendmicro.com/en_us/research/23/i/attacks-on-5g-infrastructure-from-users-devices.html"},{"type":"FIX","url":"https://github.com/open5gs/open5gs/commit/a0f2535cb5a29bba6dbbccdb90c74ccd770cc700"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open5gs/open5gs","events":[{"introduced":"0"},{"last_affected":"27b87c1110d8d5ec0de5e357f561082a0a9482c1"},{"fixed":"a0f2535cb5a29bba6dbbccdb90c74ccd770cc700"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.4.0"}]}}],"versions":["v0.1.0","v0.1.1","v0.2.0","v0.3.0","v0.3.1","v0.3.10","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.8","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v0.5.1","v0.5.2","v1.0.0","v1.1.0","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.3.0","v2.0.0","v2.0.18","v2.0.22","v2.1.0","v2.1.1","v2.1.3","v2.1.4","v2.1.5","v2.1.7","v2.2.0","v2.2.1","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.2","v2.3.6","v2.4.0"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/a0f2535cb5a29bba6dbbccdb90c74ccd770cc700","id":"CVE-2021-45462-108d25fa","digest":{"function_hash":"66498646289301510419849744843098299667","length":5852},"deprecated":false,"target":{"file":"src/upf/gtp-path.c","function":"_gtpv1_u_recv_cb"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/a0f2535cb5a29bba6dbbccdb90c74ccd770cc700","id":"CVE-2021-45462-7ee42e6e","digest":{"function_hash":"221589819375939541502721851894602973056","length":2842},"deprecated":false,"target":{"file":"src/smf/gtp-path.c","function":"_gtpv1_u_recv_cb"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/a0f2535cb5a29bba6dbbccdb90c74ccd770cc700","id":"CVE-2021-45462-96f5d491","digest":{"function_hash":"108230382947362361426818551219694048171","length":4038},"deprecated":false,"target":{"file":"src/sgwu/gtp-path.c","function":"_gtpv1_u_recv_cb"},"signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45462.json","vanir_signatures_modified":"2026-04-11T23:37:22Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}