CVE-2026-44473

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...

Open5GS has an unspecified vulnerability (CNVD-2025-03161)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a security vulnerability that can be exploited by an attacker to send an "E-RAB Setup Response" message that lacks the required mmeues1apid' field to...

Open5GS has an unspecified vulnerability (CNVD-2025-03190)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS, which can be exploited to cause a denial of service by an attacker who sends an "Initial Context Setup Response" message that...

CVE-2023-37003

Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an E-RAB Setup Response message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2024-24450

Stack-based memcpy buffer overflow in the ngaphandlepdusessionresourcesetupresponse routine in OpenAirInterface CN5G AMF = 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource...

CVE-2024-24450

Stack-based memcpy buffer overflow in the ngaphandlepdusessionresourcesetupresponse routine in OpenAirInterface CN5G AMF = 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource...

CVE-2024-24450

Stack-based memcpy buffer overflow in the ngaphandlepdusessionresourcesetupresponse routine in OpenAirInterface CN5G AMF = 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource...

CVE-2024-24447

A buffer overflow in the ngapamfhandlepdusessionresourcesetupresponse function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service DoS via a PDU Session Resource Setup Response with an empty Response Item list...

PT-2024-20397 · Unknown · Oai-Cn5G-Amf

Name of the Vulnerable Software and Affected Versions: oai-cn5g-amf versions up to v2.0.0 Description: A buffer overflow in the ngap amf handle pdu session resource setup response function allows attackers to cause a Denial of Service DoS via a PDU Session Resource Setup Response with an empty...