Filtered by vendor Open5gs
Subscriptions
Filtered by product Open5gs
Subscriptions
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-24431 | 1 Open5gs | 1 Open5gs | 2024-12-03 | 7.5 High |
A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. | ||||
CVE-2024-40130 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 9.8 Critical |
open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c. | ||||
CVE-2024-40129 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 8.6 High |
Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c. | ||||
CVE-2024-33382 | 1 Open5gs | 1 Open5gs | 2024-11-21 | N/A |
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | ||||
CVE-2023-50020 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF. | ||||
CVE-2023-50019 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 5.9 Medium |
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response. | ||||
CVE-2023-4885 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 6.5 Medium |
Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | ||||
CVE-2023-4884 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 6.5 Medium |
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | ||||
CVE-2023-4883 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage. | ||||
CVE-2023-4882 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash. | ||||
CVE-2023-23846 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption. CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | ||||
CVE-2022-43223 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. | ||||
CVE-2022-43222 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. | ||||
CVE-2022-43221 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. | ||||
CVE-2022-40890 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. | ||||
CVE-2022-3354 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 3.5 Low |
A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability. | ||||
CVE-2022-3299 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 4.3 Medium |
A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the patch is 724fa568435dae45ef0c3a48b2aabde052afae88. It is recommended to apply a patch to fix this issue. The identifier VDB-209545 was assigned to this vulnerability. | ||||
CVE-2022-39063 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without checking the maximum length. If the pdi.local_f_teid.len exceeds the maximum length of the struct of f_teid, the memcpy() overwrites the fields (e.g., f_teid_len) after f_teid in the pdr struct. After parsing the request, the UPF starts to build a response. The f_teid_len with its overwritten value is used as a length for memcpy(). A segmentation fault occurs, as a result of a memcpy(), if this overwritten value is large enough. | ||||
CVE-2021-45462 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. | ||||
CVE-2021-44109 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 7.5 High |
A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request. |