Vulnerabilities > Open5Gs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2023-23846 | Allocation of Resources Without Limits or Throttling vulnerability in Open5Gs Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. | 7.5 |
| 2022-11-01 | CVE-2022-43221 | Memory Leak vulnerability in Open5Gs 2.4.11 open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. | 7.5 |
| 2022-11-01 | CVE-2022-43222 | Memory Leak vulnerability in Open5Gs 2.4.11 open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. | 7.5 |
| 2022-11-01 | CVE-2022-43223 | Memory Leak vulnerability in Open5Gs 2.4.11 open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. | 7.5 |
| 2022-09-29 | CVE-2022-40890 | Improper Resource Shutdown or Release vulnerability in Open5Gs A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. | 7.5 |
| 2022-09-28 | CVE-2022-3354 | Unspecified vulnerability in Open5Gs A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. | 7.5 |
| 2022-09-26 | CVE-2022-3299 | Unspecified vulnerability in Open5Gs A vulnerability was found in Open5GS up to 2.4.10. | 6.5 |
| 2022-09-16 | CVE-2022-39063 | Unspecified vulnerability in Open5Gs When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. | 7.5 |
| 2022-04-05 | CVE-2021-44108 | NULL Pointer Dereference vulnerability in Open5Gs A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf. | 7.5 |
| 2022-04-05 | CVE-2021-44109 | Out-of-bounds Write vulnerability in Open5Gs A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request. | 7.5 |