Open5gs
by Open5gs
CVEs (173)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-43221 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. |
| CVE-2022-43222 | | | 0.00 | — | 0.01 | | Nov 1, 2022 | open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. |
| CVE-2022-40890 | | | 0.00 | — | 0.01 | | Sep 29, 2022 | A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. |
| CVE-2022-3354 | | | 0.00 | — | 0.01 | | Sep 28, 2022 | A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to… |
| CVE-2022-3299 | | | 0.00 | — | 0.01 | | Sep 26, 2022 | A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched… |
| CVE-2022-39063 | | | 0.00 | — | 0.01 | | Sep 16, 2022 | When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct… |
| CVE-2021-44109 | | | 0.00 | — | 0.02 | | Apr 5, 2022 | A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request. |
| CVE-2021-44108 | | | 0.00 | — | 0.01 | | Apr 5, 2022 | A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf. |
| CVE-2021-44081 | | | 0.00 | — | 0.01 | | Mar 29, 2022 | A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service. |
| CVE-2021-45462 | | | 0.00 | — | 0.04 | | Dec 23, 2021 | In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. |
| CVE-2021-41794 | | | 0.00 | — | 0.01 | | Oct 7, 2021 | ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a… |
| CVE-2021-28122 | | | 0.00 | — | 0.04 | | Mar 10, 2021 | A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative… |
| CVE-2021-25863 | | | 0.00 | — | 0.01 | | Jan 26, 2021 | Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. |