Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open5gs open5gs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-23846
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The...
Open5gs Open5gs
Open5gs Open5gs 2.5.6
NA
CVE-2022-3299
A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotel...
Open5gs Open5gs
5
CVSSv2
CVE-2021-44108
A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and previous versions allows remote malicious users to Denial of Service via a crafted sbi request to amf.
Open5gs Open5gs
5
CVSSv2
CVE-2021-41794
ogs_fqdn_parse in Open5GS 1.0.0 up to and including 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is ...
Open5gs Open5gs
NA
CVE-2022-39063
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct ...
Open5gs Open5gs
NA
CVE-2023-4883
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an malicious user to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free fun...
Open5gs Open5gs
NA
CVE-2023-4884
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.
Open5gs Open5gs
NA
CVE-2023-4885
Man in the Middle vulnerability, which could allow an malicious user to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.
Open5gs Open5gs
NA
CVE-2023-4882
DOS vulnerability that could allow an malicious user to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.
Open5gs Open5gs
5
CVSSv2
CVE-2021-44109
A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and previous versions allows remote malicious users to Denial of Service via a crafted sbi request.
Open5gs Open5gs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »