Lucene search

INCIBECVELIST:CVE-2023-4883

HistoryOct 03, 2023 - 2:42 p.m.

CVE-2023-4883 Multiple vulnerabilities in Open5GS

2023-10-0314:42:39

CWE-763

INCIBE

www.cve.org

cve-2023-4883

open5gs

vulnerabilities

invalid pointer release

exploitation

attacker

specially crafted

json string

vnf

service outage

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.6%

JSON

Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Open5GS",
    "vendor": "Open5GS",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.10 and prior"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-open5gs

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.6%

JSON

Related for CVELIST:CVE-2023-4883