Open5gs

Open5gs

114 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2023-37023

Exploit
  • EPSS 0.32%
  • Veröffentlicht 22.01.2025 15:15:11
  • Zuletzt bearbeitet 22.04.2025 17:13:07

Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.

5.3

CVE-2023-37005

Exploit
  • EPSS 0.09%
  • Veröffentlicht 22.01.2025 15:15:10
  • Zuletzt bearbeitet 22.04.2025 17:14:13

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repea...

5.3

CVE-2023-37006

Exploit
  • EPSS 0.12%
  • Veröffentlicht 22.01.2025 15:15:10
  • Zuletzt bearbeitet 22.04.2025 17:14:11

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly cras...

5.3

CVE-2023-37007

Exploit
  • EPSS 0.12%
  • Veröffentlicht 22.01.2025 15:15:10
  • Zuletzt bearbeitet 22.04.2025 17:14:08

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the...

5.3

CVE-2023-37008

Exploit
  • EPSS 0.03%
  • Veröffentlicht 22.01.2025 15:15:10
  • Zuletzt bearbeitet 22.04.2025 17:14:06

Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use thi...

6.3

CVE-2023-37009

Exploit
  • EPSS 0.3%
  • Veröffentlicht 22.01.2025 15:15:10
  • Zuletzt bearbeitet 22.04.2025 17:14:04

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly cra...

6.3

CVE-2023-37010

Exploit
  • EPSS 0.3%
  • Veröffentlicht 22.01.2025 15:15:10
  • Zuletzt bearbeitet 22.04.2025 17:14:00

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly cras...

6.3

CVE-2023-37011

Exploit
  • EPSS 0.1%
  • Veröffentlicht 22.01.2025 15:15:10
  • Zuletzt bearbeitet 22.04.2025 17:13:57

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash t...

5.3

CVE-2023-37012

Exploit
  • EPSS 0.12%
  • Veröffentlicht 22.01.2025 15:15:10
  • Zuletzt bearbeitet 22.04.2025 17:13:53

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash ...

7.3

CVE-2023-37013

Exploit
  • EPSS 0.3%
  • Veröffentlicht 22.01.2025 15:15:10
  • Zuletzt bearbeitet 22.04.2025 17:15:29

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reac...