5.3

CVE-2026-7601

Open5GS AMF gmm-handler.c denial of service

A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able to address this issue. The identifier of the patch is ebc66942b6f8f1fab2d640e71cf4e9f1a423b426. It is advisable to upgrade the affected component.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
Produkt Open5GS
Version 2.7.0
Status affected
Version 2.7.1
Status affected
Version 2.7.2
Status affected
Version 2.7.3
Status affected
Version 2.7.4
Status affected
Version 2.7.5
Status affected
Version 2.7.6
Status affected
Version 2.7.7
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.314
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com 5.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/releases/tag/v2.7.7
https://vuldb.com/vuln/360558
https://vuldb.com/vuln/360558/cti
https://vuldb.com/submit/805675
https://github.com/open5gs/open5gs/issues/4321
https://github.com/open5gs/open5gs/commit/ebc66942b6f8f1fab2d640e71cf4e9f1a423b426