exploitDog

CVE-2023-37029

Опубликовано: 21 янв. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.

Ссылки

https://cellularsecurity.org/ransacked
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:magma:*:*:*:*:*:*:*:*

Версия до 1.8.0 (включая)

EPSS

Процентиль: 35%

0.00146

Низкий

7.5 High

CVSS3

Дефекты

CWE-617

CWE-617

Связанные уязвимости

GHSA-36m4-mv4f-9c4q

CVSS3: 7.5

github

около 1 года назад

Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.

EPSS

Процентиль: 35%

0.00146

Низкий

7.5 High

CVSS3

Дефекты

CWE-617

CWE-617