CVE-2026-30080

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the AMF process. An attacker can cause the service to crash and disrupt network operations by sending a specially crafted NAS Registration Request containing a malformed 5GS Mobile Identity...

CVE-2025-69248

free5GC is an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NA...

CVE-2025-69248

Summary (CVE-2025-69248) Affected: free5GC AMF service (versions up to and including 1.4.1). Vulnerability: Buffer overflow in NAS data handling, triggered by a specially crafted NAS Registration Request containing a malformed 5GS Mobile Identity. Impact: Denial of Service to the AMF and, by exte...

CVE-2025-69248 free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service

free5GC is an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NA...

CVE-2025-70121

An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method NASMobileIdentity5GS.go when accessing index 5 of ...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the GetSUCI function when processing a crafted 5GS Mobile Identity in a NAS Registration Request message. An attacker can cause a crash of the AMF component by sending a specially crafted message...

CVE-2025-70121

The CVE describes an array index out of bounds in free5GC v4.0.1’s AMF GetSUCI implementation (NAS_MobileIdentity5GS.go) that can be triggered by a crafted 5GS Mobile Identity in a NAS Registration Request, causing a runtime panic and AMF denial of service. The vulnerability affects the 5G core n...

CVE-2010-0312

The doextendedOp function in ibmslapd in IBM Tivoli Directory Server TDS 6.2 on Linux allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SecureWay 3.2 Event Registration Request aka a 1.3.18.0.2.12.1 request...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to improper validation of the 5GS mobile identity by the AMF in the Registration Request. An attacker can cause a slice reference overflow by sending specially crafted input data. Remediation Upgrade...

CVE-2024-56921

An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmmstateexception function upon receipt of the NausfUEAuthenticationAuthenticate response...

CVE-2024-56921

An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmmstateexception function upon receipt of the NausfUEAuthenticationAuthenticate response...

Design/Logic Flaw

An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of NudmUECMRegistration response...

CVE-2023-50019

An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of NudmUECMRegistration response...

CVE-2023-50019

An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of NudmUECMRegistration response...

PT-2023-13298 · Modem · Modem

Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: The issue is related to a Transient DOS in the Modem due to a NULL pointer dereference. This occurs while receiving a response to an lwm2m registration, update, or bootstrap request message...

Cisco WebEx Training Center Registered Attendee Email Enumeration Vulnerability

A vulnerability in the training registration page in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to enumerate email addresses of registered attendees. The vulnerability is due to registration error messages that allow a user to determine that an email address...

Null pointer dereference

The doextendedOp function in ibmslapd in IBM Tivoli Directory Server TDS 6.2 on Linux allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SecureWay 3.2 Event Registration Request aka a 1.3.18.0.2.12.1 request...

CVE-2010-0312

The doextendedOp function in ibmslapd in IBM Tivoli Directory Server TDS 6.2 on Linux allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SecureWay 3.2 Event Registration Request aka a 1.3.18.0.2.12.1 request...

CVE-2010-0312

CVE-2010-0312 affects IBM Tivoli Directory Server 6.2 on Linux; the vulnerability is in the do_extendedOp function of ibmslapd, where a crafted SecureWay 3.2 Event Registration Request (1.3.18.0.2.12.1) can trigger a NULL pointer dereference and daemon crash, resulting in a denial of service. Red...