Open5gs

Open5gs

116 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2025-29646

Exploit
  • EPSS 0.09%
  • Veröffentlicht 18.06.2025 00:00:00
  • Zuletzt bearbeitet 09.07.2025 18:27:34

An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size).

5.3

CVE-2025-5935

  • EPSS 1.07%
  • Veröffentlicht 10.06.2025 04:33:57
  • Zuletzt bearbeitet 12.06.2025 16:06:39

A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue...

6.9

CVE-2025-5520

Exploit
  • EPSS 0.48%
  • Veröffentlicht 03.06.2025 18:00:22
  • Zuletzt bearbeitet 09.06.2025 15:13:24

A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possibl...

6.9

CVE-2025-5501

Exploit
  • EPSS 0.81%
  • Veröffentlicht 03.06.2025 14:00:21
  • Zuletzt bearbeitet 13.06.2025 19:36:40

A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Han...

7.5

CVE-2025-29339

Exploit
  • EPSS 0.16%
  • Veröffentlicht 22.04.2025 00:00:00
  • Zuletzt bearbeitet 19.06.2025 00:23:24

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value prop...

6.5

CVE-2025-25774

Exploit
  • EPSS 0.08%
  • Veröffentlicht 12.03.2025 00:00:00
  • Zuletzt bearbeitet 29.04.2025 15:04:59

An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Servic...

7.5

CVE-2025-1925

Exploit
  • EPSS 0.4%
  • Veröffentlicht 04.03.2025 14:15:36
  • Zuletzt bearbeitet 23.06.2025 15:10:37

A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to...

7.5

CVE-2025-1893

Exploit
  • EPSS 0.05%
  • Veröffentlicht 04.03.2025 01:15:11
  • Zuletzt bearbeitet 06.03.2025 12:21:35

A vulnerability was found in Open5GS up to 2.7.2. It has been declared as problematic. Affected by this vulnerability is the function gmm_state_authentication of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of serv...

7.5

CVE-2024-56921

Exploit
  • EPSS 0.95%
  • Veröffentlicht 03.02.2025 20:15:33
  • Zuletzt bearbeitet 22.04.2025 14:58:46

An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response...

7.5

CVE-2024-57519

Exploit
  • EPSS 1.03%
  • Veröffentlicht 28.01.2025 23:15:08
  • Zuletzt bearbeitet 30.04.2025 16:42:42

An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file.