CVE-2023-37013

Опубликовано: 22 янв. 2025

Источник: nvd

CVSS3: 7.3

EPSS Низкий

Описание

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the ogs_sctp_recvmsg routine to reach an unexpected network state and crash, leading to denial of service.

Ссылки

https://cellularsecurity.org/ransacked
Third Party Advisory
Exploit
Technical Description

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

Версия до 2.6.4 (включая)

EPSS

Процентиль: 18%

0.00056

Низкий

7.3 High

CVSS3

Дефекты

CWE-617

Связанные уязвимости

CVE-2023-37013

CVSS3: 7.3

debian

10 месяцев назад

Open5GS MME versions <= 2.6.4 contains an assertion that can be remote ...

GHSA-5jwj-c4gj-x35c

CVSS3: 7.3

github

10 месяцев назад

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service.

BDU:2025-13321

CVSS3: 7.3

fstec

почти 2 года назад

Уязвимость компонента управления мобильностью MME средства создания и управления мобильной сетью NR/LTE Open5GS, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 18%

0.00056

Низкий

7.3 High

CVSS3

Дефекты

CWE-617