← Back

CVE-2023-37008

nvd nist
Published: Jan 22, 2025Modified: Apr 22, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.8 / Impact: 3.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances.

Affected (1)

Products: Open5gs: Open5gs
Open5gs
1 product
Open5gs
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Open5gs
Up to 2.6.4

Related CWEs

CWE-617
Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (1)

Source: cve@mitre.org
ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.