Vulnerabilities > Free5Gc
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-22 | CVE-2023-49391 | Unspecified vulnerability in Free5Gc 3.3.0 An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message. | 7.5 |
| 2023-11-16 | CVE-2023-47025 | Resource Exhaustion vulnerability in Free5Gc 3.3.0 An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. | 5.5 |
| 2023-11-15 | CVE-2023-47345 | Classic Buffer Overflow vulnerability in Free5Gc 3.3.0 Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero. | 7.5 |
| 2023-11-15 | CVE-2023-47347 | Classic Buffer Overflow vulnerability in Free5Gc 3.3.0 Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes. | 7.5 |
| 2023-11-13 | CVE-2023-47346 | Classic Buffer Overflow vulnerability in Free5Gc Free5Gc, SMF and UPF Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages. | 7.5 |
| 2023-10-23 | CVE-2023-46324 | Improper Verification of Cryptographic Signature vulnerability in Free5Gc UDM pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. | 7.5 |
| 2023-10-02 | CVE-2023-4659 | Cross-Site Request Forgery (CSRF) vulnerability in Free5Gc 1.1.1 Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". | 9.8 |
| 2022-11-18 | CVE-2022-38871 | Resource Exhaustion vulnerability in Free5Gc 3.0.5 In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. | 7.5 |
| 2022-10-25 | CVE-2022-38870 | Missing Authentication for Critical Function vulnerability in Free5Gc 3.2.1 Free5gc v3.2.1 is vulnerable to Information disclosure. | 7.5 |
| 2022-10-24 | CVE-2022-43677 | Unspecified vulnerability in Free5Gc 3.2.1 In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. | 5.5 |