Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open5gs open5gs vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-44109
A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and previous versions allows remote malicious users to Denial of Service via a crafted sbi request.
Open5gs Open5gs
7.5
CVSSv3
CVE-2022-39063
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct ...
Open5gs Open5gs
9.8
CVSSv3
CVE-2021-28122
A request-validation issue exists in Open5GS 2.1.3 up to and including 2.2.x prior to 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative...
Open5gs Open5gs
7.5
CVSSv3
CVE-2022-43221
open5gs v2.4.11 exists to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted PFCP packet.
Open5gs Open5gs 2.4.11
7.5
CVSSv3
CVE-2022-43222
open5gs v2.4.11 exists to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted PFCP packet.
Open5gs Open5gs 2.4.11
7.5
CVSSv3
CVE-2022-43223
open5gs v2.4.11 exists to contain a memory leak in the component ngap-handler.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted UE attachment.
Open5gs Open5gs 2.4.11
8.8
CVSSv3
CVE-2021-25863
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
Open5gs Open5gs 2.1.3
5.9
CVSSv3
CVE-2023-50019
An issue exists in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.
Open5gs Open5gs 2.6.6
7.5
CVSSv3
CVE-2023-50020
An issue exists in open5gs v2.6.6. SIGPIPE can be used to crash AMF.
Open5gs Open5gs 2.6.6
7.5
CVSSv3
CVE-2021-45462
In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.
Open5gs Open5gs 2.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »