A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.
History

Tue, 03 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Open5gs
Open5gs open5gs
CPEs cpe:2.3:a:open5gs:open5gs:-:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Dec 2024 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Fri, 15 Nov 2024 19:00:00 +0000

Type Values Removed Values Added
Description A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-11-15T00:00:00

Updated: 2024-12-03T16:04:26.231Z

Reserved: 2024-01-25T00:00:00

Link: CVE-2024-24431

cve-icon Vulnrichment

Updated: 2024-12-03T16:04:19.996Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-15T19:15:06.137

Modified: 2024-12-03T16:15:21.187

Link: CVE-2024-24431

cve-icon Redhat

No data.