Filtered by vendor Open5gs
Subscribe
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5520 | 1 Open5gs | 1 Open5gs | 2025-06-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893. | |||||
| CVE-2022-40890 | 1 Open5gs | 1 Open5gs | 2025-05-21 | N/A | 7.5 HIGH |
| A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. | |||||
| CVE-2022-43222 | 1 Open5gs | 1 Open5gs | 2025-05-02 | N/A | 7.5 HIGH |
| open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. | |||||
| CVE-2022-43221 | 1 Open5gs | 1 Open5gs | 2025-05-02 | N/A | 7.5 HIGH |
| open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. | |||||
| CVE-2022-43223 | 1 Open5gs | 1 Open5gs | 2025-05-02 | N/A | 7.5 HIGH |
| open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. | |||||
| CVE-2024-57519 | 1 Open5gs | 1 Open5gs | 2025-04-30 | N/A | 7.5 HIGH |
| An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file. | |||||
| CVE-2025-25774 | 1 Open5gs | 1 Open5gs | 2025-04-29 | N/A | 6.5 MEDIUM |
| An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS). | |||||
| CVE-2024-34475 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
| Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR. | |||||
| CVE-2024-34476 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len. | |||||
| CVE-2024-33382 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | |||||
| CVE-2024-24429 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. | |||||
| CVE-2024-24432 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | |||||
| CVE-2024-24430 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
| A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | |||||
| CVE-2024-24431 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
| A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. | |||||
| CVE-2024-34235 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37013 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.3 HIGH |
| Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service. | |||||
| CVE-2023-37014 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
| Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Release Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37015 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Path Switch Request` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37016 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37017 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Global eNB ID` field to repeatedly crash the MME, resulting in denial of service. | |||||