Lucene search
GoogleOSV:GO-2022-1083HistoryNov 02, 2022 - 9:52 p.m.
Panic on malformed messages in github.com/free5gc/aper
2022-11-0221:52:22
Google
osv.dev
10
malformed message
crash
free5gc/amf
free5gc/ngap
decoders
index-out-of-range
panic
aper.getbitstring
software
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
23.8%
A malformed message can crash the free5gc/amf and free5gc/ngap decoders via an index-out-of-range panic in aper.GetBitString.
References
Related
osv
osv
CVE-2022-43677
2022-10-24 14:15:53
prion
prion
Design/Logic Flaw
2022-10-24 14:15:00
nvd
nvd
CVE-2022-43677
2022-10-24 14:15:53
cve
cve
CVE-2022-43677
2022-10-24 14:15:53
github
github
cnvd
cnvd
free5GC Denial of Service Vulnerability
2022-10-26 00:00:00
thn
thn
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
2023-10-28 07:20:00
cvelist
cvelist
CVE-2022-43677
2022-10-24 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
23.8%
Related for OSV:GO-2022-1083