CVE-2021-41794
7.5 HIGHogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow
Published: 2021-10-07 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-120
Affected products
| Vendor | Product |
|---|---|
| open5gs | open5gs |
Description
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41794
- [Exploit reference]https://research.nccgroup.com/2021/10/06/technical-advisory-open5gs-stack-buffer-overflow-during-pfcp-session-establishment-on-upf-cve-2021-41794
- [Exploit reference]https://research.nccgroup.com/2021/10/06/technical-advisory-open5gs-stack-buffer-overflow-during-pfcp-session-establishment-on-upf-cve-2021-41794
Related CVEs
Same vendor
- CVE-2026-8746 — A security flaw has been discovered in Open5GS up to 2.7.7 (4.3 MEDIUM)
- CVE-2026-8745 — A vulnerability was identified in Open5GS up to 2.7.7 (4.3 MEDIUM)
- CVE-2026-8744 — A vulnerability was determined in Open5GS up to 2.7.7 (4.3 MEDIUM)
- CVE-2026-8743 — A vulnerability was found in Open5GS up to 2.7.6 (6.3 MEDIUM)
- CVE-2026-8731 — A vulnerability has been found in Open5GS up to 2.7.7 (4.3 MEDIUM)
Same CWE
- CVE-2026-12328 — Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (8.1 HIGH)
- CVE-2026-12192 — A vulnerability was determined in GALAYOU Y4 1.0.0 (8.8 HIGH)
- CVE-2026-36818 — Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter... (7.5 HIGH)
- CVE-2026-36817 — Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo paramet... (7.5 HIGH)
- CVE-2026-36816 — Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo paramete... (7.5 HIGH)