Filtered by vendor Open5gs
Subscriptions
Filtered by product Open5gs
Subscriptions
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1925 | 1 Open5gs | 1 Open5gs | 2025-06-23 | 5.3 Medium |
| A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-29339 | 1 Open5gs | 1 Open5gs | 2025-06-19 | 7.5 High |
| An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF (or via direct attack), triggering a fatal assertion check and causing a daemon crash. | ||||
| CVE-2023-50020 | 1 Open5gs | 1 Open5gs | 2025-06-18 | 7.5 High |
| An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF. | ||||
| CVE-2025-5501 | 1 Open5gs | 1 Open5gs | 2025-06-13 | 5.3 Medium |
| A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-5520 | 1 Open5gs | 1 Open5gs | 2025-06-09 | 5.3 Medium |
| A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893. | ||||
| CVE-2022-40890 | 1 Open5gs | 1 Open5gs | 2025-05-21 | 7.5 High |
| A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. | ||||
| CVE-2022-43222 | 1 Open5gs | 1 Open5gs | 2025-05-02 | 7.5 High |
| open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. | ||||
| CVE-2022-43221 | 1 Open5gs | 1 Open5gs | 2025-05-02 | 7.5 High |
| open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet. | ||||
| CVE-2022-43223 | 1 Open5gs | 1 Open5gs | 2025-05-02 | 7.5 High |
| open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment. | ||||
| CVE-2024-57519 | 1 Open5gs | 1 Open5gs | 2025-04-30 | 7.5 High |
| An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file. | ||||
| CVE-2025-25774 | 1 Open5gs | 1 Open5gs | 2025-04-29 | 6.5 Medium |
| An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS). | ||||
| CVE-2024-34475 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 7.5 High |
| Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR. | ||||
| CVE-2024-34476 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 5.3 Medium |
| Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len. | ||||
| CVE-2024-33382 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 5.3 Medium |
| An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | ||||
| CVE-2024-24429 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 8.6 High |
| A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. | ||||
| CVE-2024-24432 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 5.3 Medium |
| A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2024-24430 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 7.5 High |
| A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2024-24431 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 7.5 High |
| A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. | ||||
| CVE-2024-34235 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 8.6 High |
| Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service. | ||||
| CVE-2023-37013 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 7.3 High |
| Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service. | ||||