Open5gs
by Open5gs
CVEs (173)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34235 | | | 0.00 | — | 0.01 | | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service. |
| CVE-2023-37010 | | | 0.00 | — | 0.00 | | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in… |
| CVE-2023-37022 | | | 0.00 | — | 0.01 | | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5GS to crash; an attacker may repeatedly send such packets to cause denial of service. |
| CVE-2023-37009 | | | 0.00 | — | 0.00 | | Jan 22, 2025 | Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in… |
| CVE-2024-24427 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. |
| CVE-2024-24428 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. |
| CVE-2024-24431 | | | 0.00 | — | 0.01 | | Nov 15, 2024 | A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. |
| CVE-2024-40129 | | | 0.00 | — | 0.00 | | Jul 16, 2024 | Open5GS v2.6.4 is vulnerable to Buffer Overflow via /lib/pfcp/context.c. |
| CVE-2024-40130 | | | 0.00 | — | 0.01 | | Jul 16, 2024 | Open5GS v2.6.4 is vulnerable to Buffer Overflow via /lib/core/abts.c. |
| CVE-2024-33382 | | | 0.00 | — | 0.00 | | May 8, 2024 | An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration |
| CVE-2024-34475 | | | 0.00 | — | 0.01 | | May 4, 2024 | Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR. |
| CVE-2024-34476 | | | 0.00 | — | 0.01 | | May 4, 2024 | Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len. |
| CVE-2023-50020 | | | 0.00 | — | 0.01 | | Jan 2, 2024 | An issue was discovered in Open5GS v2.6.6. SIGPIPE can be used to crash AMF. |
| CVE-2023-50019 | | | 0.00 | — | 0.01 | | Jan 2, 2024 | An issue was discovered in Open5GS v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response. |
| CVE-2023-4885 | | | 0.00 | — | 0.00 | | Oct 3, 2023 | Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. |
| CVE-2023-4884 | | | 0.00 | — | 0.00 | | Oct 3, 2023 | An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. |
| CVE-2023-4883 | | | 0.00 | — | 0.01 | | Oct 3, 2023 | Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted JSON string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free… |
| CVE-2023-4882 | | | 0.00 | — | 0.01 | | Oct 3, 2023 | DoS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash. |
| CVE-2023-23846 | | | 0.00 | — | 0.01 | | Feb 1, 2023 | Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GTPv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop.… |
| CVE-2022-43223 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | Open5GS v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. |