CVE-2021-40540

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-40540
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40540.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-40540
Downstream
Related
Published
2021-09-07T02:15:07Z
Modified
2025-10-21T06:33:40.314402Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

ulfiusurilogger in Ulfius HTTP Framework before 2.7.4 omits coninfo initialization and a coninfo->request NULL check for certain malformed HTTP requests.

References

Affected packages

Git / github.com/babelouest/ulfius

Affected ranges

Type
GIT
Repo
https://github.com/babelouest/ulfius
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c83f564c184a27145e07c274b305cabe943bbfaa

Affected versions

1.*

1.0
1.0.1
1.0.2
1.0.3
1.0.4

2.*

2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2

v2.*

v2.2
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.3.0
v2.3.0-b
v2.3.0-b.2
v2.3.0-b.3
v2.3.0-b.4
v2.3.0-b.5
v2.3.0-b.6
v2.3.0-b.7
v2.3.0-b.8
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.4.0
v2.4.0b
v2.4.0b2
v2.4.0b3
v2.4.0b4
v2.4.0b5
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.7.0
v2.7.1
v2.7.2
v2.7.3

Database specific

vanir_signatures

[
    {
        "id": "CVE-2021-40540-539cd306",
        "source": "https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "src/ulfius.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "297567611621060874128805451638492924159",
                "175341348358407759988233144649282649022",
                "289842132033456773176112105159184381840",
                "171975692886947888845446663329770953033",
                "138229576868303095154679654836145744722",
                "34332822542360216022116311781000219236",
                "1810167984959200845682359592542716905",
                "61957793805236300457029348739057662694",
                "125966296531425933799126504982126192935",
                "252866912497736304268107974036746873348",
                "26301571123500956132776006507637183146"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2021-40540-6eff114a",
        "source": "https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "ulfius_uri_logger",
            "file": "src/ulfius.c"
        },
        "digest": {
            "length": 1255.0,
            "function_hash": "195028955909910763223043519064620928002"
        },
        "signature_type": "Function"
    }
]