Open5gs

open5gs

154 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Open5gs

open5gs

154 CVEs

CVEs (154)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-37005 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37004 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37003 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2023-37002 1Open5gs 1Open5gs Apr 22, 2025 Jan 22, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `...Show more Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Show less
CVE-2024-24428 1Open5gs 1Open5gs Jan 24, 2025 Jan 21, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
CVE-2024-24427 1Open5gs 1Open5gs Jan 24, 2025 Jan 21, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24431 1Open5gs 1Open5gs Apr 22, 2025 Nov 15, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.
CVE-2024-51179 1Open5gs 1Open5gs Sep 29, 2025 Nov 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Pack...Show more An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establishment process.Show less
CVE-2024-40130 1Open5gs 1Open5gs Nov 21, 2024 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.
CVE-2024-40129 1Open5gs 1Open5gs Nov 21, 2024 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
CVE-2024-33382 1Open5gs 1Open5gs Apr 22, 2025 May 8, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration
CVE-2024-34476 1Open5gs 1Open5gs Apr 22, 2025 May 5, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len.
CVE-2024-34475 1Open5gs 1Open5gs Apr 22, 2025 May 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR.
CVE-2023-50020 1Open5gs 1Open5gs Jun 18, 2025 Jan 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.
CVE-2023-50019 1Open5gs 1Open5gs Apr 17, 2025 Jan 2, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.
CVE-2023-4885 1Open5gs 1Open5gs Nov 21, 2024 Oct 3, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.
CVE-2023-4884 1Open5gs 1Open5gs Nov 21, 2024 Oct 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.
CVE-2023-4883 1Open5gs 1Open5gs Nov 21, 2024 Oct 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network...Show more Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.Show less
CVE-2023-4882 1Open5gs 1Open5gs Nov 21, 2024 Oct 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the ar...Show more DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.Show less
CVE-2023-23846 1Open5gs 1Open5gs Mar 27, 2025 Feb 1, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any exte...Show more Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption. CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:CShow less

Previous 1...4 5 678 Next