CVE-2021-36082

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-36082
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36082.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-36082
Downstream
Related
Published
2021-07-01T03:15:08Z
Modified
2025-10-21T06:27:06.115537Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello.

References

Affected packages

Git / github.com/ntop/ndpi

Affected ranges

Type
GIT
Repo
https://github.com/ntop/ndpi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1ec621c85b9411cc611652fd57a892cfef478af3

Affected versions

1.*

1.6
1.7
1.8

3.*

3.4

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/ntop/ndpi/commit/1ec621c85b9411cc611652fd57a892cfef478af3",
        "signature_version": "v1",
        "target": {
            "file": "src/lib/protocols/netbios.c",
            "function": "ndpi_netbios_name_interpret"
        },
        "digest": {
            "length": 758.0,
            "function_hash": "302859875256664286226638523269138364431"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2021-36082-0ef97e0f"
    },
    {
        "source": "https://github.com/ntop/ndpi/commit/1ec621c85b9411cc611652fd57a892cfef478af3",
        "signature_version": "v1",
        "target": {
            "file": "src/lib/protocols/tls.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "283285741691081614073684166098376823804",
                "190422609488824348763456446657549809087",
                "29865031034892981345129101361358677315",
                "43684388212785616421314117726959667143",
                "302097630842734779183807666297333094091",
                "38598527672163028968547299404012524258",
                "329753652566897716863181266048848301409",
                "21268663557253755254920215319728393570",
                "244422327276923352932327439479383557696",
                "207921080578549301239642766647035237831",
                "58893800896607668872476623799361005970",
                "275422212797821282488771469457978426013",
                "159959277189008559366896995343663327680",
                "265853024499135991219794651391573022954",
                "285692154626788011360669358653997777911",
                "66928221849196613927809394589402010934",
                "45964735516037415977318779435850754775",
                "51178598113062849075198239399821097758",
                "330394963256572404299176478509430897947",
                "160674689939810966270154381817585874608",
                "259268077522815151047063469966451106260",
                "280334077618436250983947778341381732440",
                "257412689862992087545053588682041756577",
                "318083609610401959667833608422610049613",
                "309812486040215203763839339071065032490",
                "41520219025630646301310345416948027529",
                "75465516785154960852510383159070501062",
                "58100940850657514519449182490322318798",
                "252110335941039765075592875400745900812",
                "51407593054553760286480082973700760855",
                "216769654216211786156122429316044956274",
                "150697918068094379758688770642587380504",
                "36279729678887605568430952023268193821",
                "129019470795228794175777620312920332628",
                "158008358202997966142742743538762405909",
                "115720650068195905742780824482021156668",
                "51407593054553760286480082973700760855",
                "300275965938171584385619919830840743675",
                "239225698138344605166386165504982299916",
                "289762993025206709576255902386117210401",
                "171208261723510209159260858395032953597",
                "338998004147545300942138600459534915410",
                "322658238603977047716369349843388287656",
                "51407593054553760286480082973700760855",
                "75497389352015957792228046339090665851",
                "18688632161639187432424494224565155827",
                "317474783919217660955762280009344241960",
                "130396738490288601582201946447974125098",
                "157498100904595441077674871070490337196",
                "90287096384632413821644480278258022533",
                "25885811904529883748937752505232882518",
                "163088973298841930022455502117864275944",
                "201432481730589165366163241716992664893",
                "176909143950007632262210633798052100846"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2021-36082-6f379434"
    },
    {
        "source": "https://github.com/ntop/ndpi/commit/1ec621c85b9411cc611652fd57a892cfef478af3",
        "signature_version": "v1",
        "target": {
            "file": "src/lib/protocols/tls.c",
            "function": "processClientServerHello"
        },
        "digest": {
            "length": 25514.0,
            "function_hash": "296183314519124945305659869962697730796"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2021-36082-dd04ae82"
    },
    {
        "source": "https://github.com/ntop/ndpi/commit/1ec621c85b9411cc611652fd57a892cfef478af3",
        "signature_version": "v1",
        "target": {
            "file": "src/lib/protocols/netbios.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "33716765348600117403750162508772891282",
                "256243292410185589768547227138080496690",
                "126610943620910384459492188773966927618",
                "59423376683474255142434169091535584325"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2021-36082-e3552928"
    }
]