CVE-2021-36082

8.8 HIGH

📋 TL;DR

CVE-2021-36082 is a stack-based buffer overflow in the processClientServerHello function of ntop nDPI (the routine that parses TLS Client Hello and Server Hello messages). A remote attacker who can deliver specially crafted network packets to an nDPI instance can cause a denial of service or, potentially, execute arbitrary code. Organizations using nDPI for deep packet inspection are affected.

💻 Affected Systems

Products:
  • ntop nDPI
Versions: 3.4 and earlier
Operating Systems: All platforms running nDPI
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using nDPI for deep packet inspection or traffic analysis is vulnerable when processing network traffic.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with root/system privileges leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Denial of service causing nDPI service crashes and disruption of network monitoring capabilities.

🟢 If Mitigated: Limited impact if network segmentation prevents external access to nDPI instances and proper input validation is in place.

🌐 Internet-Facing: HIGH - Network-facing service parsing untrusted traffic without authentication.
🏢 Internal Only: MEDIUM - Still vulnerable to internal threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept available through OSS-Fuzz reports. Exploitation requires sending malicious network packets to trigger the buffer overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 1ec621c85b9411cc611652fd57a892cfef478af3 and later versions

Vendor Advisory: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3

Restart Required: Yes

Instructions:

1. Update nDPI to a version that includes commit 1ec621c85b9411cc611652fd57a892cfef478af3.
2. Recompile any applications that link against nDPI.
3. Restart services that use the nDPI library.

🔧 Temporary Workarounds

Network Segmentation (all platforms): Isolate nDPI instances from untrusted networks to prevent external exploitation.

Input Validation (all platforms): Implement additional packet validation before passing traffic to nDPI for processing.

🧯 If You Can't Patch

  • Implement strict network access controls to limit which systems can send traffic to nDPI instances
  • Deploy intrusion detection systems to monitor for exploitation attempts and anomalous traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the nDPI version: if it is 3.4 or earlier, the system is vulnerable. Verify by checking the library version or the commit hash of the build.

Check Version:

Check the nDPI source tree or the compiled library's version information.

Verify Fix Applied:

Confirm that the nDPI build includes commit 1ec621c85b9411cc611652fd57a892cfef478af3. Test with known malicious packets if possible.
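The version and commit checks above, as an added shell script that is not part of this advisory or of the nDPI project. It assumes nDPI installs a libndpi.pc file for pkg-config and that the source checkout path passed as the first argument is a git clone with full history.

```shell
#!/bin/sh
# Added example (not from the advisory or nDPI): decide whether an nDPI build
# predates the CVE-2021-36082 fix, using the affected-version range (<= 3.4)
# and the fix commit quoted above. Assumes libndpi.pc exists for pkg-config.
FIX_COMMIT=1ec621c85b9411cc611652fd57a892cfef478af3

# Exit 0 when release version $1 is 3.4 or earlier (the advisory's affected
# range). Pre-release suffixes such as "-rc1" are stripped; for such builds
# rely on the commit check below instead of the version number.
ndpi_version_vulnerable() {
  v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
  major=${v%%.*}
  rest=${v#*.}
  [ "$rest" = "$v" ] && rest=0        # no minor component given ("3")
  minor=${rest%%.*}
  [ "${major:-0}" -lt 3 ] && return 0
  [ "$major" -eq 3 ] && [ "${minor:-0}" -le 4 ] && return 0
  return 1
}

# Exit 0 when the git checkout in $1 has the fix commit in HEAD's history.
# A checkout that lacks the commit object (shallow or unrelated clone) is
# reported as not fixed rather than passing silently.
ndpi_checkout_fixed() {
  git -C "$1" cat-file -e "${FIX_COMMIT}^{commit}" 2>/dev/null || return 1
  git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD
}

main() {
  if command -v pkg-config >/dev/null &&
     v=$(pkg-config --modversion libndpi 2>/dev/null); then
    if ndpi_version_vulnerable "$v"; then echo "libndpi $v: VULNERABLE (<= 3.4)"
    else echo "libndpi $v: outside affected range"; fi
  else
    echo "libndpi not found via pkg-config; check the source checkout instead"
  fi
  if [ -n "$1" ]; then
    if ndpi_checkout_fixed "$1"; then echo "$1: fix commit is in HEAD history"
    else echo "$1: fix commit NOT in HEAD history (or not present)"; fi
  fi
}

# Usage: sh check_ndpi_cve_2021_36082.sh [/path/to/nDPI-checkout]
if [ "$#" -gt 0 ]; then main "$@"; fi
```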

📡 Detection & Monitoring

Log Indicators:

  • nDPI service crashes
  • segmentation fault errors in system logs
  • unexpected process termination

Network Indicators:

  • Unusual TLS/SSL handshake patterns
  • malformed network packets targeting nDPI ports
  • traffic spikes to nDPI services

SIEM Query:

source="nDPI" AND (event="crash" OR event="segfault" OR severity="critical")
