Open5gs

open5gs

154 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Open5gs

open5gs

154 CVEs

CVEs (154)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-24432 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24430 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2023-37023 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets...Show more Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.Show less
CVE-2023-37022 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly se...Show more Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.Show less
CVE-2023-37021 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required...Show more Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37020 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37019 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs...Show more Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37018 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `...Show more Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37017 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID`...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37016 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37015 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1A...Show more Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37014 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME...Show more Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37013 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs...Show more Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service.Show less
CVE-2023-37012 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identi...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37011 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_I...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37010 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1A...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37009 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37008 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of m...Show more Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances.Show less
CVE-2023-37007 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID`...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37006 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1A...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less

Previous 1...4 567 8 Next