Описание
Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP E-RAB Modification Indication packet missing an expected eNB_UE_S1AP_ID field.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.9 (исключая)
cpe:2.3:a:linuxfoundation:magma:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00133
Низкий
6.5 Medium
CVSS3
5.7 Medium
CVSS3
Дефекты
CWE-476
CWE-476
Связанные уязвимости
CVSS3: 6.5
github
около 1 года назад
Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field.
EPSS
Процентиль: 33%
0.00133
Низкий
6.5 Medium
CVSS3
5.7 Medium
CVSS3
Дефекты
CWE-476
CWE-476