VYPR

Open5gs

by Open5gs

Source repositories

CVEs (173)

  • CVE-2022-43221Nov 1, 2022
    risk 0.00cvss epss 0.01

    open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.

  • CVE-2022-43222Nov 1, 2022
    risk 0.00cvss epss 0.01

    open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.

  • CVE-2022-40890Sep 29, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service.

  • CVE-2022-3354Sep 28, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to…

  • CVE-2022-3299Sep 26, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched…

  • CVE-2022-39063Sep 16, 2022
    risk 0.00cvss epss 0.01

    When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct…

  • CVE-2021-44109Apr 5, 2022
    risk 0.00cvss epss 0.02

    A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request.

  • CVE-2021-44108Apr 5, 2022
    risk 0.00cvss epss 0.01

    A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf.

  • CVE-2021-44081Mar 29, 2022
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service.

  • CVE-2021-45462Dec 23, 2021
    risk 0.00cvss epss 0.04

    In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.

  • CVE-2021-41794Oct 7, 2021
    risk 0.00cvss epss 0.01

    ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a…

  • CVE-2021-28122Mar 10, 2021
    risk 0.00cvss epss 0.04

    A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative…

  • CVE-2021-25863Jan 26, 2021
    risk 0.00cvss epss 0.01

    Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.

Page 9 of 9