Vulnerabilities (CVE)

Filtered by vendor Open5gs Subscribe
Total 56 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5520 1 Open5gs 1 Open5gs 2025-06-09 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893.
CVE-2022-40890 1 Open5gs 1 Open5gs 2025-05-21 N/A 7.5 HIGH
A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service.
CVE-2022-43222 1 Open5gs 1 Open5gs 2025-05-02 N/A 7.5 HIGH
open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
CVE-2022-43221 1 Open5gs 1 Open5gs 2025-05-02 N/A 7.5 HIGH
open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
CVE-2022-43223 1 Open5gs 1 Open5gs 2025-05-02 N/A 7.5 HIGH
open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.
CVE-2024-57519 1 Open5gs 1 Open5gs 2025-04-30 N/A 7.5 HIGH
An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file.
CVE-2025-25774 1 Open5gs 1 Open5gs 2025-04-29 N/A 6.5 MEDIUM
An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS).
CVE-2024-34475 1 Open5gs 1 Open5gs 2025-04-22 N/A 7.5 HIGH
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR.
CVE-2024-34476 1 Open5gs 1 Open5gs 2025-04-22 N/A 5.3 MEDIUM
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len.
CVE-2024-33382 1 Open5gs 1 Open5gs 2025-04-22 N/A 5.3 MEDIUM
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration
CVE-2024-24429 1 Open5gs 1 Open5gs 2025-04-22 N/A 8.6 HIGH
A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
CVE-2024-24432 1 Open5gs 1 Open5gs 2025-04-22 N/A 5.3 MEDIUM
A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24430 1 Open5gs 1 Open5gs 2025-04-22 N/A 7.5 HIGH
A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24431 1 Open5gs 1 Open5gs 2025-04-22 N/A 7.5 HIGH
A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.
CVE-2024-34235 1 Open5gs 1 Open5gs 2025-04-22 N/A 8.6 HIGH
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.
CVE-2023-37013 1 Open5gs 1 Open5gs 2025-04-22 N/A 7.3 HIGH
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service.
CVE-2023-37014 1 Open5gs 1 Open5gs 2025-04-22 N/A 7.5 HIGH
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
CVE-2023-37015 1 Open5gs 1 Open5gs 2025-04-22 N/A 8.6 HIGH
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
CVE-2023-37016 1 Open5gs 1 Open5gs 2025-04-22 N/A 8.6 HIGH
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
CVE-2023-37017 1 Open5gs 1 Open5gs 2025-04-22 N/A 8.6 HIGH
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service.