6 matches found
CVE-2026-10156 Open5GS nf-instances Endpoint nnrf-handler.c handle_amf_info resource consumption
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handleamfinfo in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nfinfopool can lead to resource consumption. The attack may be performed from...
EUVD-2026-30680
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogssbiclientadd in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument clientpool leads to denial of service. It is possible to initiate the attack remotely. The exploit has been...
PT-2026-41517
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs sbi client add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client pool leads to denial of service. It is possible to initiate the attack remotely. The exploit has been...
First depositor can manipulate the invariant of a pool
Lines of code Vulnerability details Impact someone can call deposit upon pool creation, with a custom liquidity variable and small first deposit to change the behaviour of the pool, as a way to attack the protocol. even if a pool is setup and initialized correctly, there is not guaranteed that th...
ThecosomataETH.addLiquidity can be subject to sandwich attack
Lines of code Vulnerability details Impact Liquidity addition can happen at a manipulated pool state and result in receiving fewer LP shares than actual market state dictates Proof of Concept addLiquidity measures slippage based on the pool returned amount via calctokenamount: Pool returned amoun...
Attacker can grief initial pool by providing 1 baseToken, 1 quoteToken, and manually transferring 1 baseToken
Handle camden Vulnerability details Impact Read the attack composition below. But the main criteria is that the attacker has to be the first person to provide liquidity. They can at least from my testing permanently grief a pool and make it impossible for any later person to get liquidity tokens,...