CVE-2024-34475

Published: May 5, 2024Modified: Apr 22, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR.

Affected (1)

Products: Open5gs: Open5gs

Open5gs

1 product

Open5gs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Open5gs Open5gs	Before 2.7.1

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (4)

https://github.com/open5gs/open5gs/compare/v2.7.0...v2.7.1

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/open5gs/open5gs/pull/3122

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://github.com/open5gs/open5gs/compare/v2.7.0...v2.7.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/open5gs/open5gs/pull/3122

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.