Shodan
Vulnerabilities
Vulnerable Software
Open5gs:  >> Open5gs  Security Vulnerabilities
CVE-2023-37003
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-01-22
CVE-2023-37004
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-01-22
CVE-2024-24427
A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-01-21
CVE-2024-24428
A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-01-21
CVE-2024-24431
A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-11-15
CVE-2024-40129
Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-07-16
CVE-2024-40130
open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-07-16
CVE-2024-33382
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration
CVSS Score
5.3
EPSS Score
0.002
Published
2024-05-08
CVE-2024-34475
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-05-05
CVE-2024-34476
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved