CVE-2023-50019

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-50019
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/open5gs/open5gs/commit/7278714133422cee46c32c7523f81ec2cecad9e2 Patch
https://github.com/open5gs/open5gs/issues/2733 Exploit Issue Tracking Patch Vendor Advisory
https://github.com/open5gs/open5gs/commit/7278714133422cee46c32c7523f81ec2cecad9e2 Patch
https://github.com/open5gs/open5gs/issues/2733 Exploit Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:open5gs:open5gs:2.6.6:*:*:*:*:*:*:*
History

17 Apr 2025, 19:15

Type Values Removed Values Added
CWE CWE-400

21 Nov 2024, 08:36

Type Values Removed Values Added
References () https://github.com/open5gs/open5gs/commit/7278714133422cee46c32c7523f81ec2cecad9e2 - Patch () https://github.com/open5gs/open5gs/commit/7278714133422cee46c32c7523f81ec2cecad9e2 - Patch
References () https://github.com/open5gs/open5gs/issues/2733 - Exploit, Issue Tracking, Patch, Vendor Advisory () https://github.com/open5gs/open5gs/issues/2733 - Exploit, Issue Tracking, Patch, Vendor Advisory

11 Jan 2024, 17:28

Type Values Removed Values Added
First Time Open5gs
Open5gs open5gs
CPE cpe:2.3:a:open5gs:open5gs:2.6.6:*:*:*:*:*:*:*
References () https://github.com/open5gs/open5gs/commit/7278714133422cee46c32c7523f81ec2cecad9e2 - () https://github.com/open5gs/open5gs/commit/7278714133422cee46c32c7523f81ec2cecad9e2 - Patch
References () https://github.com/open5gs/open5gs/issues/2733 - () https://github.com/open5gs/open5gs/issues/2733 - Exploit, Issue Tracking, Patch, Vendor Advisory
CWE CWE-755
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.9

02 Jan 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-02 22:15

Updated : 2025-04-17 19:15

NVD link : CVE-2023-50019

Mitre link : CVE-2023-50019

CVE.ORG link : CVE-2023-50019

JSON object : View

Products Affected

open5gs

  • open5gs
CWE
CWE-755

Improper Handling of Exceptional Conditions

CWE-400

Uncontrolled Resource Consumption