Lucene search

[email protected]CVE-2023-47347

HistoryNov 15, 2023 - 10:15 p.m.

CVE-2023-47347

2023-11-1522:15:27

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-47347

buffer overflow

free5gc 3.3.0

denial of service

pfcp

sequence number

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.

Affected configurations

NVD

Node

free5gcfree5gcMatch3.3.0

CPENameOperatorVersion
free5gc:free5gcfree5gceq3.3.0

CPE	Name	Operator	Version
free5gc:free5gc	free5gc	eq	3.3.0

References

github.com/free5gc/free5gc/issues/496

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-47347

osv1 prion1 nvd1 cvelist1