CVE-2024-24432

Published: Jan 22, 2025Modified: Apr 22, 2025

5.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.8 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Affected (1)

Products: Open5gs: Open5gs

Open5gs

1 product

Open5gs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Open5gs Open5gs	Up to 2.6.4

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (1)

https://cellularsecurity.org/ransacked

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.