Open5gs
by Open5gs
Source repositories
CVEs (173)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-37007 | 0.00 | — | 0.00 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of… | |||
| CVE-2023-37020 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting… | |||
| CVE-2023-37005 | 0.00 | — | 0.00 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,… | |||
| CVE-2024-24432 | 0.00 | — | 0.00 | Jan 22, 2025 | A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | |||
| CVE-2023-37019 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of… | |||
| CVE-2024-24429 | 0.00 | — | 0.01 | Jan 22, 2025 | A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. | |||
| CVE-2023-37021 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,… | |||
| CVE-2023-37014 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting… | |||
| CVE-2023-37008 | 0.00 | — | 0.00 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or… | |||
| CVE-2023-37002 | 0.00 | — | 0.00 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,… | |||
| CVE-2023-37012 | 0.00 | — | 0.00 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial… | |||
| CVE-2023-37023 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service. | |||
| CVE-2023-37006 | 0.00 | — | 0.00 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in… | |||
| CVE-2023-37017 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of… | |||
| CVE-2024-24430 | 0.00 | — | 0.01 | Jan 22, 2025 | A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | |||
| CVE-2023-37016 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,… | |||
| CVE-2023-37018 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,… | |||
| CVE-2023-37004 | 0.00 | — | 0.00 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,… | |||
| CVE-2023-37013 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state… | |||
| CVE-2023-37015 | 0.00 | — | 0.01 | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in… |
- CVE-2023-37007Jan 22, 2025risk 0.00cvss —epss 0.00
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of…
- CVE-2023-37020Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting…
- CVE-2023-37005Jan 22, 2025risk 0.00cvss —epss 0.00
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,…
- CVE-2024-24432Jan 22, 2025risk 0.00cvss —epss 0.00
A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
- CVE-2023-37019Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of…
- CVE-2024-24429Jan 22, 2025risk 0.00cvss —epss 0.01
A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
- CVE-2023-37021Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,…
- CVE-2023-37014Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting…
- CVE-2023-37008Jan 22, 2025risk 0.00cvss —epss 0.00
Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or…
- CVE-2023-37002Jan 22, 2025risk 0.00cvss —epss 0.00
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,…
- CVE-2023-37012Jan 22, 2025risk 0.00cvss —epss 0.00
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial…
- CVE-2023-37023Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.
- CVE-2023-37006Jan 22, 2025risk 0.00cvss —epss 0.00
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in…
- CVE-2023-37017Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of…
- CVE-2024-24430Jan 22, 2025risk 0.00cvss —epss 0.01
A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
- CVE-2023-37016Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,…
- CVE-2023-37018Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,…
- CVE-2023-37004Jan 22, 2025risk 0.00cvss —epss 0.00
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME,…
- CVE-2023-37013Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state…
- CVE-2023-37015Jan 22, 2025risk 0.00cvss —epss 0.01
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in…
Page 7 of 9