{"id":"CVE-2022-3299","details":"A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the patch is 724fa568435dae45ef0c3a48b2aabde052afae88. It is recommended to apply a patch to fix this issue. The identifier VDB-209545 was assigned to this vulnerability.","modified":"2026-04-12T03:44:54.393705Z","published":"2022-09-26T13:15:11.410Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.4.0"},{"last_affected":"2.4.10"}]}]},"references":[{"type":"REPORT","url":"https://github.com/open5gs/open5gs/issues/1769"},{"type":"REPORT","url":"https://vuldb.com/?id.209545"},{"type":"FIX","url":"https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open5gs/open5gs","events":[{"introduced":"0"},{"fixed":"724fa568435dae45ef0c3a48b2aabde052afae88"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v0.1.0","v0.1.1","v0.2.0","v0.3.0","v0.3.1","v0.3.10","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.8","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v0.5.1","v0.5.2","v1.0.0","v1.1.0","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.3.0","v2.0.0","v2.0.18","v2.0.22","v2.1.0","v2.1.1","v2.1.3","v2.1.4","v2.1.5","v2.1.7","v2.2.0","v2.2.1","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.2","v2.3.6","v2.4.0","v2.4.1","v2.4.3","v2.4.4","v2.4.5","v2.4.7","v2.4.8","v2.4.9"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["54340837667262436963158231179732426085","277815706928737277172089149770849983267","116776069677126102051497239583277846023","38838716201110960839436251983995655716","44320873639331626881474965432802154303","289245706260880176313004693756981557258","37419717968007643517617350233808443720","177319892078940693546298665927911881338","76048998928808196460299429023924655781","290097942958192935233609745566892426557","120963101557565555180958902633735430861","330301981078441995127060692222097157347","161677093735320246641880352039365457094","218957587949474533393314591488465880301","76405502399166282655900420019364237725","64185109178769989923244442895149592338","275764314733274755052096000357796205081","258629837511314760161909037127735181896","127038569299519171441296459401017984584","188883983343820704663647802195695880246","33404340989761252968125285326158928213","49769313659744095416299592756084197554","223019647099577113662729154676556383029","143594710986097774229847094302570430276","24283807845412089848233068405789494198","246199693792984798835317091632980240432","281087697009044346350800974901652253262","44035209485652885648479696559760919731","192960534727310856072319087006442207198"]},"target":{"file":"lib/sbi/client.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"source":"https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88","id":"CVE-2022-3299-7b9bdf6f"},{"digest":{"function_hash":"54576081028871581880038215804035760318","length":1148},"target":{"function":"on_data_chunk_recv","file":"lib/sbi/nghttp2-server.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"source":"https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88","id":"CVE-2022-3299-8352257a"},{"digest":{"function_hash":"150489645850718229923669706052574848662","length":2311},"target":{"function":"on_frame_recv","file":"lib/sbi/nghttp2-server.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"source":"https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88","id":"CVE-2022-3299-86d2d9e3"},{"digest":{"function_hash":"273732133633540342962190919332475245473","length":522},"target":{"function":"write_cb","file":"lib/sbi/client.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"source":"https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88","id":"CVE-2022-3299-cb11ae51"},{"digest":{"threshold":0.9,"line_hashes":["230365354679696341688975056717225338288","199728486243098274428515145129227810171","42605245377125116209715845256784990549","112286084195538923111295701537350280017","241462497410196774451815347390802301840","31969206583636096135344775444493695921","325607950461156366775382478960580647744","300941628665157196262131404344870332380","45194648217708838240028053917608538240","148292617260441034019634448782941171916","62560200386986274531703920345885463252","121918711456523760688562856868307384260","315504222245306903813354647223570343322","133181541832404298601366265701925383544","148491961927426643962607246586736462672","189561706892555527221310368256926329991","86327028037998844104769509972956990933","50010001790606877071673136711623027737","211719794681275178631786322667850768390","325658841953032862497013754244752283571","208291909101379395558294527456969388403","186722462393717412214581686715790151893","266907154613868784346853014734743697847","7856954888012342116792313665754922274","59478495175024917542060130856059419942","95434670878637911930168728936246620430","81437120317026923695364773148880079408","86974643322961971377473382795756565515","271630198057282718279029272272668999859","309739985634410447915172296387560058849","269967621720714982688565083976810733115"]},"target":{"file":"lib/sbi/nghttp2-server.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"source":"https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88","id":"CVE-2022-3299-df31ad08"},{"digest":{"function_hash":"103207162253592834330229885478328654419","length":1865},"target":{"function":"check_multi_info","file":"lib/sbi/client.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"source":"https://github.com/open5gs/open5gs/commit/724fa568435dae45ef0c3a48b2aabde052afae88","id":"CVE-2022-3299-ef821633"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3299.json","vanir_signatures_modified":"2026-04-12T03:44:54Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}