VYPR

Vendor CVEs

Free5gc

All CVEs

104 total · sorted by risk
  • CVE-2023-46324Oct 23, 2023
    risk 0.00cvss epss 0.00

    pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt…

  • CVE-2022-38871Nov 18, 2022
    risk 0.00cvss epss 0.01

    In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.

  • CVE-2022-43677Oct 24, 2022
    risk 0.00cvss epss 0.01

    In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString.

  • CVE-2022-39063Sep 16, 2022
    risk 0.00cvss epss 0.01

    When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct…

Page 3 of 3