CVE-2023-37019

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an S1Setup Request message missing a required Supported TAs field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37013

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the ogssctprecvmsg routine to reach an unexpected network state and crash, leading to...

CVE-2023-37020

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Release Complete message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37015

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Path Switch Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37005

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial Context Setup Failure message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37017

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an S1Setup Request message missing a required Global eNB ID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37008

Open5GS MME versions = 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in...

CVE-2023-37004

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial Context Setup Response message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37011

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Handover Required message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37014

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Release Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37003

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an E-RAB Setup Response message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37018

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Capability Info Indication message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37022

Open5GS MME versions = 2.6.4 contain a reachable assertion in the UE Context Release Request packet handler. A packet containing an invalid MMEUES1APID field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service...

CVE-2023-37010

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an eNB Status Transfer message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37007

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Handover Cancel message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2024-34235

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message missing a required NASPDU field to repeatedly crash the MME, resulting in denial of service...

CVE-2024-34235

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message missing a required NASPDU field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37015

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Path Switch Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2023-37023

Open5GS MME versions = 2.6.4 contain a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its MMEUES1APID field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service...

CVE-2023-37021

Open5GS MME version = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Modification Failure message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...