Vulnerabilities > Open5Gs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-21 | CVE-2024-24427 | Reachable Assertion vulnerability in Open5Gs A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | 7.5 |
| 2025-01-21 | CVE-2024-24428 | Reachable Assertion vulnerability in Open5Gs A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet. | 7.5 |
| 2024-07-16 | CVE-2024-40129 | Out-of-bounds Write vulnerability in Open5Gs 2.6.4 Open5GS v2.6.4 is vulnerable to Buffer Overflow. | 9.8 |
| 2024-07-16 | CVE-2024-40130 | Out-of-bounds Write vulnerability in Open5Gs 2.6.4 open5gs v2.6.4 is vulnerable to Buffer Overflow. | 9.8 |
| 2024-01-02 | CVE-2023-50019 | Improper Handling of Exceptional Conditions vulnerability in Open5Gs 2.6.6 An issue was discovered in open5gs v2.6.6. | 5.9 |
| 2024-01-02 | CVE-2023-50020 | Resource Exhaustion vulnerability in Open5Gs 2.6.6 An issue was discovered in open5gs v2.6.6. | 7.5 |
| 2023-10-03 | CVE-2023-4882 | Improper Resource Shutdown or Release vulnerability in Open5Gs DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. | 7.5 |
| 2023-10-03 | CVE-2023-4883 | Release of Invalid Pointer or Reference vulnerability in Open5Gs Invalid pointer release vulnerability. | 7.5 |
| 2023-10-03 | CVE-2023-4884 | Missing Authentication for Critical Function vulnerability in Open5Gs An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | 7.5 |
| 2023-10-03 | CVE-2023-4885 | Unspecified vulnerability in Open5Gs Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | 5.9 |