Open5gs Security Vulnerabilities

CVE-2023-50020

An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash...

CVE-2023-50019

An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration...

CVE-2023-4882

DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to...

CVE-2023-4883

Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause.....

CVE-2023-4885

Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive...

CVE-2023-4884

An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of...

CVE-2023-23846

Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process.....

CVE-2022-43223

open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE...

CVE-2022-43221

open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP...

CVE-2022-43222

open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP...

CVE-2022-40890

A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of...

CVE-2022-3354

A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may....

CVE-2022-3299

A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the....

CVE-2022-39063

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without...

CVE-2021-44108

A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to...

CVE-2021-44109

A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi...

CVE-2021-44081

A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of...

CVE-2021-45462

In Open5GS 2.4.0, a crafted packet from UE can crash...

CVE-2021-41794

ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used....

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. The....

CVE-2021-25863

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin...