CVE-2022-43223

Published: Nov 1, 2022Modified: May 2, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.

Affected (1)

Products: Open5gs: Open5gs

Open5gs

1 product

Open5gs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Open5gs Open5gs	Version 2.4.11

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://github.com/ToughRunner/Open5gs_bugreport2

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/ToughRunner/Open5gs_bugreport2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.