Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open5gs open5gs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33382
An issue in Open5GS v.2.7.0 allows an malicious user to cause a denial of service via the 64 unsuccessful UE/gnb registration
NA
CVE-2024-34475
Open5GS prior to 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR.
NA
CVE-2024-34476
Open5GS prior to 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len.
NA
CVE-2023-50019
An issue exists in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.
Open5gs Open5gs 2.6.6
NA
CVE-2023-50020
An issue exists in open5gs v2.6.6. SIGPIPE can be used to crash AMF.
Open5gs Open5gs 2.6.6
NA
CVE-2023-4882
DOS vulnerability that could allow an malicious user to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.
Open5gs Open5gs
NA
CVE-2023-4883
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an malicious user to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free fun...
Open5gs Open5gs
NA
CVE-2023-4884
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.
Open5gs Open5gs
NA
CVE-2023-4885
Man in the Middle vulnerability, which could allow an malicious user to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.
Open5gs Open5gs
NA
CVE-2023-23846
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The...
Open5gs Open5gs
Open5gs Open5gs 2.5.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »