CVE-2024-34476

Опубликовано: 05 мая 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len.

Ссылки

https://github.com/open5gs/open5gs/compare/v2.7.0...v2.7.1
Release Notes
Vendor Advisory
https://github.com/open5gs/open5gs/pull/3122
Issue Tracking
Vendor Advisory
https://github.com/open5gs/open5gs/compare/v2.7.0...v2.7.1
Release Notes
Vendor Advisory
https://github.com/open5gs/open5gs/pull/3122
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

Версия до 2.7.1 (исключая)

EPSS

Процентиль: 24%

0.00082

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-805

Связанные уязвимости

CVE-2024-34476

CVSS3: 5.3

debian

почти 2 года назад

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...

GHSA-w664-jc4g-5pm6

CVSS3: 5.3

github

почти 2 года назад

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len.

EPSS

Процентиль: 24%

0.00082

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-805