35 matches found
CVE-2023-37013
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the ogssctprecvmsg routine to reach an unexpected network state and crash, leading to...
CVE-2023-37017
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an S1Setup Request message missing a required Global eNB ID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37008
Open5GS MME versions = 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in...
CVE-2023-37011
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Handover Required message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37014
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Release Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37018
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Capability Info Indication message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37007
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Handover Cancel message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2024-34235
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message missing a required NASPDU field to repeatedly crash the MME, resulting in denial of service...
CVE-2024-34235
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message missing a required NASPDU field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37018
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Capability Info Indication message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37023
Open5GS MME versions = 2.6.4 contain a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its MMEUES1APID field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service...
CVE-2023-37015
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Path Switch Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37019
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an S1Setup Request message missing a required Supported TAs field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37020
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Release Complete message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37009
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Handover Notification message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37010
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an eNB Status Transfer message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37010
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an eNB Status Transfer message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37005
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial Context Setup Failure message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37013
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the ogssctprecvmsg routine to reach an unexpected network state and crash, leading to...
CVE-2023-37012
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message message missing a required PLMN Identity field to repeatedly crash the MME, resulting in denial of service...