27 matches found
PT-2025-1412 · Open5Gs · Open5Gs Mme
Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4 Description: The issue allows an attacker to send a "UE Context Release Complete" message without the required MME UE S1AP ID field, which can cause the MME to crash repeatedly, resulting in denial of...
CVE-2023-37014
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Release Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
PT-2025-1406 · Open5Gs · Open5Gs Mme
Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue concerns an assertion in Open5GS MME that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Release Request message missing a...
Open5GS 安全漏洞
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability that stems from the inclusion of reachable assertions in the UE Context Release Request packet handler. An attacker...
Open5GS 安全漏洞
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS, which can be exploited by an attacker to send a "UE Context Release Request" message missing the required mmeues1apid' field to...
CVE-2024-24455
An invalid memory access when handling a UE Context Release message containing an invalid UE identifier in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service DoS to the cellular network by repeatedly initiating connections and sending a crafted payload...
CVE-2021-47091
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix locking in ieee80211startap error path We need to hold the local-mtx to release the channel context, as even encoded by the lockdepassertheld there. Fix it...