CVE-2022-3299

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3299

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3299.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3299

Published

2022-09-26T13:15:11Z

Modified

2025-10-21T07:07:29.945409Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the patch is 724fa568435dae45ef0c3a48b2aabde052afae88. It is recommended to apply a patch to fix this issue. The identifier VDB-209545 was assigned to this vulnerability.

References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type: GIT
Repo: https://github.com/open5gs/open5gs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

724fa568435dae45ef0c3a48b2aabde052afae88

Affected versions

v0.*

v0.1.0

v0.1.1

v0.2.0

v0.3.0

v0.3.1

v0.3.10

v0.3.11

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v0.5.1

v0.5.2

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0

v2.*

v2.0.0

v2.0.18

v2.0.22

v2.1.0

v2.1.1

v2.1.3

v2.1.4

v2.1.5

v2.1.7

v2.2.0

v2.2.1

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.1

v2.3.2

v2.3.6

v2.4.0

v2.4.1

v2.4.3

v2.4.4

v2.4.5

v2.4.7

v2.4.8

v2.4.9

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88",
        "id": "CVE-2022-3299-7b9bdf6f",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "lib/sbi/client.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "54340837667262436963158231179732426085",
                "277815706928737277172089149770849983267",
                "116776069677126102051497239583277846023",
                "38838716201110960839436251983995655716",
                "44320873639331626881474965432802154303",
                "289245706260880176313004693756981557258",
                "37419717968007643517617350233808443720",
                "177319892078940693546298665927911881338",
                "76048998928808196460299429023924655781",
                "290097942958192935233609745566892426557",
                "120963101557565555180958902633735430861",
                "330301981078441995127060692222097157347",
                "161677093735320246641880352039365457094",
                "218957587949474533393314591488465880301",
                "76405502399166282655900420019364237725",
                "64185109178769989923244442895149592338",
                "275764314733274755052096000357796205081",
                "258629837511314760161909037127735181896",
                "127038569299519171441296459401017984584",
                "188883983343820704663647802195695880246",
                "33404340989761252968125285326158928213",
                "49769313659744095416299592756084197554",
                "223019647099577113662729154676556383029",
                "143594710986097774229847094302570430276",
                "24283807845412089848233068405789494198",
                "246199693792984798835317091632980240432",
                "281087697009044346350800974901652253262",
                "44035209485652885648479696559760919731",
                "192960534727310856072319087006442207198"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88",
        "id": "CVE-2022-3299-8352257a",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "on_data_chunk_recv",
            "file": "lib/sbi/nghttp2-server.c"
        },
        "digest": {
            "length": 1148.0,
            "function_hash": "54576081028871581880038215804035760318"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88",
        "id": "CVE-2022-3299-86d2d9e3",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "on_frame_recv",
            "file": "lib/sbi/nghttp2-server.c"
        },
        "digest": {
            "length": 2311.0,
            "function_hash": "150489645850718229923669706052574848662"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88",
        "id": "CVE-2022-3299-cb11ae51",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "write_cb",
            "file": "lib/sbi/client.c"
        },
        "digest": {
            "length": 522.0,
            "function_hash": "273732133633540342962190919332475245473"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88",
        "id": "CVE-2022-3299-df31ad08",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "lib/sbi/nghttp2-server.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "230365354679696341688975056717225338288",
                "199728486243098274428515145129227810171",
                "42605245377125116209715845256784990549",
                "112286084195538923111295701537350280017",
                "241462497410196774451815347390802301840",
                "31969206583636096135344775444493695921",
                "325607950461156366775382478960580647744",
                "300941628665157196262131404344870332380",
                "45194648217708838240028053917608538240",
                "148292617260441034019634448782941171916",
                "62560200386986274531703920345885463252",
                "121918711456523760688562856868307384260",
                "315504222245306903813354647223570343322",
                "133181541832404298601366265701925383544",
                "148491961927426643962607246586736462672",
                "189561706892555527221310368256926329991",
                "86327028037998844104769509972956990933",
                "50010001790606877071673136711623027737",
                "211719794681275178631786322667850768390",
                "325658841953032862497013754244752283571",
                "208291909101379395558294527456969388403",
                "186722462393717412214581686715790151893",
                "266907154613868784346853014734743697847",
                "7856954888012342116792313665754922274",
                "59478495175024917542060130856059419942",
                "95434670878637911930168728936246620430",
                "81437120317026923695364773148880079408",
                "86974643322961971377473382795756565515",
                "271630198057282718279029272272668999859",
                "309739985634410447915172296387560058849",
                "269967621720714982688565083976810733115"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88",
        "id": "CVE-2022-3299-ef821633",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "check_multi_info",
            "file": "lib/sbi/client.c"
        },
        "digest": {
            "length": 1865.0,
            "function_hash": "103207162253592834330229885478328654419"
        },
        "signature_type": "Function"
    }
]