Filtered by vendor Open5gs
Subscribe
Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37017 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37018 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37019 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37020 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Complete` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37021 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37002 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37003 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37004 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37005 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37006 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Request Ack` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37007 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37008 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances. | |||||
| CVE-2023-37009 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 6.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37010 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 6.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37011 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 6.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37012 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37022 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
| Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service. | |||||
| CVE-2023-37023 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service. | |||||
| CVE-2024-56921 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
| An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response. | |||||
| CVE-2023-50019 | 1 Open5gs | 1 Open5gs | 2025-04-17 | N/A | 5.9 MEDIUM |
| An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response. | |||||