Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

open5gs open5gs vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2021-44109
A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and previous versions allows remote malicious users to Denial of Service via a crafted sbi request.
Open5gs Open5gs
7.5
CVSSv3
CVE-2022-39063
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct ...
Open5gs Open5gs
9.8
CVSSv3
CVE-2021-28122
A request-validation issue exists in Open5GS 2.1.3 up to and including 2.2.x prior to 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative...
Open5gs Open5gs
7.5
CVSSv3
CVE-2022-43221
open5gs v2.4.11 exists to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted PFCP packet.
Open5gs Open5gs 2.4.11
7.5
CVSSv3
CVE-2022-43222
open5gs v2.4.11 exists to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted PFCP packet.
Open5gs Open5gs 2.4.11
7.5
CVSSv3
CVE-2022-43223
open5gs v2.4.11 exists to contain a memory leak in the component ngap-handler.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted UE attachment.
Open5gs Open5gs 2.4.11
8.8
CVSSv3
CVE-2021-25863
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
Open5gs Open5gs 2.1.3
5.9
CVSSv3
CVE-2023-50019
An issue exists in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.
Open5gs Open5gs 2.6.6
7.5
CVSSv3
CVE-2023-50020
An issue exists in open5gs v2.6.6. SIGPIPE can be used to crash AMF.
Open5gs Open5gs 2.6.6
7.5
CVSSv3
CVE-2021-45462
In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.
Open5gs Open5gs 2.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook