CVE-2023-37012

CVE-2023-37012

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service.

GHSA-9qxf-frvg-wwgq

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service.

BDU:2025-13320

Уязвимость компонента управления мобильностью MME средства создания и управления мобильной сетью NR/LTE Open5GS, позволяющая нарушителю вызвать отказ в обслуживании