Lucene search

[email protected]NVD:CVE-2022-43222

HistoryNov 01, 2022 - 2:15 p.m.

CVE-2022-43222

2022-11-0114:15:15

CWE-401

[email protected]

web.nvd.nist.gov

open5gs

memory leak

vulnerability

dos

pfcp packet

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

36.8%

JSON

open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.

Affected configurations

Nvd

Node

open5gsopen5gsMatch2.4.11

VendorProductVersionCPE
open5gsopen5gs2.4.11cpe:2.3:a:open5gs:open5gs:2.4.11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
open5gs	open5gs	2.4.11	cpe:2.3:a:open5gs:open5gs:2.4.11:::::::*

References

github.com/ToughRunner/Open5gs_bugreport4

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

36.8%

JSON

Related for NVD:CVE-2022-43222

prion1 cve1 cnvd1 cvelist1