← Back

CVE-2023-37024

nvd nist
Published: Jan 21, 2025Modified: Mar 3, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element.

Affected (1)

Linuxfoundation
1 product
Magma
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Magma
Before 1.9

Related CWEs

CWE-617
Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (1)

Source: cve@mitre.org
ExploitThird Party Advisory

Timeline

No history available yet.