CVE-2026-32319 Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all...

CVE-2023-37030

A Null pointer dereference vulnerability in the Mobile Management Entity MME in Magma = 1.8.0 fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486 allows network-adjacent attackers to crash the MME via an S1AP Initial UE Message packet missing an expected eNBUES1APID field...

CVE-2024-56921

An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmmstateexception function upon receipt of the NausfUEAuthenticationAuthenticate response...

Open5GS Denial of Service Vulnerability (CNVD-2025-03154)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a security vulnerability that can be exploited to cause a denial of service by an attacker who sends an "Initial UE Message" that lacks the required...

Open5GS Denial of Service Vulnerability (CNVD-2025-03148)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS, which can be exploited to cause a denial of service by an attacker who would send an initial UE message'' message that lacks th...

PT-2025-3347 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: Open5gs version 2.7.2 Description: A problem was discovered in Open5gs where the InitialUEMessage, a registration request sent at a specific time, can cause AMF to crash due to incorrect error handling of the gmm state exception function when...

CVE-2024-34235

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message missing a required NASPDU field to repeatedly crash the MME, resulting in denial of service...

PT-2025-2417 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4 Description: The issue allows an attacker to send a malformed ASN.1 packet over the S1AP interface, triggering an assertion that can cause the MME to crash repeatedly, resulting in denial of service. This c...

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a security vulnerability that can be exploited to cause a denial of service by an attacker who sends an "Initial UE Message" that lacks the required...

CVE-2024-34235

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message missing a required NASPDU field to repeatedly crash the MME, resulting in denial of service...

PT-2025-1431 · Magma · Magma

Name of the Vulnerable Software and Affected Versions: Magma versions 1.8.0 and earlier Description: A Null pointer dereference issue in the Mobile Management Entity MME allows network-adjacent attackers to crash the MME via an S1AP "Initial UE Message" packet missing an expected RRC Establishmen...

PT-2025-1426 · Magma · Magma

Name of the Vulnerable Software and Affected Versions: Magma versions 1.8.0 and earlier Description: A null pointer dereference issue in the Mobile Management Entity MME allows network-adjacent attackers to crash the MME via an S1AP "Initial UE Message" packet missing an expected TAI field. This...

PT-2024-20398 · Unknown · Openairinterface Cn5G Amf

Name of the Vulnerable Software and Affected Versions: OpenAirInterface CN5G AMF versions up to 2.0.0 Description: The issue is caused by an uninitialized pointer dereference in the NasPdu::NasPdu component, allowing attackers to cause a Denial of Service DoS via a crafted InitialUEMessage messag...