22 matches found
CVE-2024-24421
CVE-2024-24421 describes a type confusion in Magma’s nas_message_decode function that affects Magma
CVE-2024-24420
CVE-2024-24420 affects Magma, where a reachable assertion in the decode_linked_ti_ie function within Magma
CVE-2023-37027
CVE-2023-37027 concerns Magma’s Mobile Management Entity (MME). A null pointer dereference in Magma ≤ 1.8.0 can crash the MME when processing an S1AP “E-RAB Modification Indication” packet that omits the expected eNB_UE_S1AP_ID field. This is fixed in Magma v1.9, commit 08472ba98b8321f802e95f5622...
CVE-2023-37028
CVE-2023-37028 describes a null pointer dereference in the Mobile Management Entity (MME) of Magma
CVE-2024-24423
The CVE-2024-24423 entry describes a buffer overflow in the decode_esm_message_container function of Linux Foundation Magma
CVE-2024-24422
The CVE-2024-24422 vulnerability affects Linux Foundation Magma up to version 1.8.0 and was fixed in v1.9 (commit 08472ba98b8321f802e95f5622fa90fec2dea486). It is caused by a stack overflow in decode_protocol_configuration_options within /3gpp/3gpp_24.008_sm_ies.c, enabling a Denial of Service vi...
CVE-2024-24416
The CVE-2024-24416 entry concerns Linux Foundation Magma up to version 1.8.0, with fixes in v1.9 (commit 08472ba98b8321f802e95f5622fa90fec2dea486). A buffer overflow in decode_access_point_name_ie (file /3gpp/3gpp_24.008_sm_ies.c) is described, enabling a Denial of Service via a crafted NAS packe...
CVE-2023-37031
CVE-2023-37031 affects Magma’s Mobile Management Entity (MME)
CVE-2024-24418
The CVE-2024-24418 entry affects Linux Foundation Magma software up to version 1.8.0, with a fix in the v1.9 branch (commit 08472ba98b8321f802e95f5622fa90fec2dea486). The vulnerability is a buffer overflow in the decode_pdn_address function located at /nas/ies/PdnAddress.cpp, which can be trigger...
CVE-2024-24419
The Red Hat and associated feeds confirm a buffer overflow in Magma core: Linux Foundation Magma
CVE-2023-37033
Magma MME (Mobile Management Entity) vulnerable to a null pointer dereference in versions
CVE-2023-37036
The CVE-2023-37036 issue affects Magma’s Mobile Management Entity (MME) in versions up to 1.8.0 and is resolved in the 1.9 branch (commit 08472ba98b8321f802e95f5622fa90fec2dea486). It is a null pointer dereference caused by an S1AP Uplink NAS Transport packet that omits the expected ENB_UE_S1AP_I...
CVE-2023-37038
CVE-2023-37038 describes a null pointer dereference in Magma’s Mobile Management Entity (MME). The vulnerability affects Magma up to version 1.8.0 and allows network-adjacent attackers to crash the MME by sending an S1AP “Uplink NAS Transport” packet that omits the required MME_UE_S1AP_ID field. ...
CVE-2023-37025
Magma MME contains a null pointer dereference in versions <= 1.8.0 that allows network-adjacent attackers to crash the MME by sending an S1AP Reset packet missing an expected ResetType field. The issue is fixed in Magma v1.9 (commit 08472ba98b8321f802e95f5622fa90fec2dea486). Affected product: ...
CVE-2023-37030
CVE-2023-37030 : A null pointer dereference in the Mobile Management Entity (MME) of Magma
CVE-2024-24417
CVE-2024-24417 affects the Linux Foundation Magma open source platform, specifically versions
CVE-2023-37032
CVE-2023-37032 corresponds to a stack-based buffer overflow in the Magma MME component. Affected: Magma versions
CVE-2023-37034
CVE-2023-37034 describes a null pointer dereference in Magma’s Mobile Management Entity (MME) when handling an S1AP Initial UE Message lacking an expected TAI field. Affected versions are Magma
CVE-2023-37037
Magma's Mobile Management Entity (MME) contains a null pointer dereference in versions
CVE-2023-37024
CVE-2023-37024 affects Magma’s Mobile Management Entity (MME)
CVE-2023-37026
The CVE-2023-37026 item affects Magma’s Mobile Management Entity (MME) and is caused by a null pointer dereference when handling an S1AP E-RAB Release Response packet missing the MME_UE_S1AP_ID field. Affected version: Magma
CVE-2023-37029
Magma CVE-2023-37029 affects Magma MME in versions