Shodan
Vulnerabilities
Vulnerable Software
Free5gc:  >> Free5gc  Security Vulnerabilities
CVE-2025-29632
Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-29
CVE-2023-49391
An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message.
CVSS Score
7.5
EPSS Score
0.031
Published
2023-12-22
CVE-2023-47025
An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-11-16
CVE-2023-47345
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-15
CVE-2023-47347
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-15
CVE-2023-47346
Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-13
CVE-2023-4659
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-02
CVE-2022-38871
In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-11-18
CVE-2022-38870
Free5gc v3.2.1 is vulnerable to Information disclosure.
CVSS Score
7.5
EPSS Score
0.856
Published
2022-10-25
CVE-2022-43677
In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-10-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved