Описание
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP E-RAB Release Response packet missing an expected MME_UE_S1AP_ID field.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.9 (исключая)
cpe:2.3:a:linuxfoundation:magma:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00136
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-476
CWE-476
Связанные уязвимости
CVSS3: 6.5
github
около 1 года назад
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Release Response` packet missing an expected `MME_UE_S1AP_ID` field.
EPSS
Процентиль: 34%
0.00136
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-476
CWE-476