📦 Open5GS

by Open5gs



⚠️ Known Vulnerabilities

CVE-2024-40129

CRITICAL CVSS 9.8 Jul 16, 2024

CVE-2024-40129 is a critical buffer overflow vulnerability in Open5GS v2.6.4's PFCP context handling that allows remote attackers to execute arbitrary code or cause denial of service. This affects all...

CVE-2025-15555

HIGH CVSS 7.3 Feb 4, 2026

A stack-based buffer overflow vulnerability in Open5GS allows remote attackers to execute arbitrary code or cause denial of service by manipulating the OGS_KEY_LEN argument in the VoLTE Cx-Test compon...

CVE-2025-65559

HIGH CVSS 7.5 Dec 18, 2025

A reachable assertion vulnerability in Open5GS UPF component causes denial of service when processing malformed PFCP Session Establishment Requests with mismatched address-family flags. This affects O...

CVE-2025-63288

HIGH CVSS 7.5 Nov 10, 2025

Open5GS AMF crashes when receiving a malformed NGSetupRequest message, causing denial of service for 5G core network users. This affects all deployments running vulnerable versions of Open5GS, potenti...

CVE-2025-41067

HIGH CVSS 7.5 Oct 27, 2025

A reachable assertion vulnerability in Open5GS NRF (Network Repository Function) allows attackers with network connectivity to send a specific SBI request that deletes the NRF's own registry, causing ...

CVE-2025-52322

HIGH CVSS 7.5 Sep 9, 2025

A vulnerability in Open5GS allows remote attackers to cause denial of service by sending a specially crafted Create Session Request message to the SMF (PGW-C) component. The attack exploits the PDN Ad...

CVE-2025-52288

HIGH CVSS 7.5 Sep 8, 2025

This vulnerability in Open5GS allows attackers to cause denial of service by triggering an assertion failure through repeated UE connect/disconnect message sequences. The AMF component crashes when pr...

CVE-2025-29646

HIGH CVSS 7.1 Jun 18, 2025

A vulnerability in the Open5GS UPF component allows remote attackers to cause denial of service by sending specially crafted PFCP SessionEstablishmentRequest packets. This affects Open5GS deployments usin...

CVE-2025-44951

HIGH CVSS 7.1 Jun 18, 2025

A buffer overflow vulnerability in the PFCP library of Open5GS allows a local attacker to execute arbitrary code or cause denial of service by providing overly long device identifiers. This affects bo...

CVE-2024-56921

HIGH CVSS 7.5 Feb 3, 2025

This vulnerability in the Open5GS AMF allows remote attackers to cause a denial of service by sending specially crafted InitialUEMessage or Registration requests at specific times. The crash occurs due to...

CVE-2024-57519

HIGH CVSS 7.5 Jan 28, 2025

A denial-of-service vulnerability in Open5GS v2.7.2 allows remote attackers to crash the service via the ogs_dbi_auth_info function. This affects all systems running vulnerable versions of Open5GS, pa...

CVE-2024-24429

HIGH CVSS 8.6 Jan 22, 2025

This vulnerability in Open5GS allows attackers to trigger a denial of service by sending a specially crafted NGAP packet to the nas_eps_send_emm_to_esm function. Systems running Open5GS version 2.6.4 ...

CVE-2024-24430

HIGH CVSS 7.5 Jan 22, 2025

This vulnerability in Open5GS allows attackers to trigger a reachable assertion in the mme_ue_find_by_imsi function by sending a specially crafted NAS packet, causing a Denial of Service (DoS) that cr...

CVE-2024-34235

HIGH CVSS 8.6 Jan 22, 2025

CVE-2024-34235 is a remotely triggerable assertion vulnerability in Open5GS MME that allows denial of service attacks. Attackers can send malformed S1AP packets to crash the MME service repeatedly. Th...

CVE-2023-37015

HIGH CVSS 8.6 Jan 22, 2025

This vulnerability allows remote attackers to cause denial of service by sending malformed ASN.1 packets to Open5GS MME servers. Attackers can repeatedly crash the MME service by sending Path Switch R...

CVE-2023-37016

HIGH CVSS 8.6 Jan 22, 2025

CVE-2023-37016 is a remotely triggerable assertion vulnerability in Open5GS MME that allows denial of service attacks. Attackers can send malformed ASN.1 packets over the S1AP interface to crash the M...

CVE-2023-37017

HIGH CVSS 8.6 Jan 22, 2025

Open5GS MME versions up to 2.6.4 contain a remotely triggerable assertion via malformed ASN.1 packets on the S1AP interface. Attackers can send S1Setup Request messages missing the Global eNB ID field...

CVE-2023-37018

HIGH CVSS 8.6 Jan 22, 2025

Open5GS MME versions up to 2.6.4 contain a remotely triggerable assertion vulnerability via malformed ASN.1 packets on the S1AP interface. Attackers can send UE Capability Info Indication messages mis...

CVE-2023-37019

HIGH CVSS 8.6 Jan 22, 2025

This vulnerability allows remote attackers to cause denial of service by sending specially crafted S1AP packets to Open5GS MME servers. Attackers can repeatedly crash the MME service by triggering an ...

CVE-2023-37020

HIGH CVSS 8.6 Jan 22, 2025

Open5GS MME versions up to 2.6.4 contain a remotely triggerable assertion via malformed ASN.1 packets on the S1AP interface. Attackers can send UE Context Release Complete messages missing the require...

CVE-2023-37021

HIGH CVSS 8.6 Jan 22, 2025

Open5GS MME versions up to 2.6.4 contain a remotely triggerable assertion via malformed S1AP packets. Attackers can send UE Context Modification Failure messages missing the MME_UE_S1AP_ID field to re...

CVE-2023-37022

HIGH CVSS 7.5 Jan 22, 2025

Open5GS MME versions up to 2.6.4 contain a reachable assertion vulnerability in the UE Context Release Request packet handler. An attacker can send specially crafted packets with invalid MME_UE_S1AP_I...

CVE-2023-37023

HIGH CVSS 8.6 Jan 22, 2025

CVE-2023-37023 is a denial-of-service vulnerability in Open5GS MME where specially crafted Uplink NAS Transport packets without the MME_UE_S1AP_ID field cause the service to crash via a reachable asse...

CVE-2023-37013

HIGH CVSS 7.3 Jan 22, 2025

CVE-2023-37013 is a denial-of-service vulnerability in Open5GS MME where attackers can send oversized ASN.1 packets over S1AP to trigger an assertion failure and crash the service. This affects all de...

CVE-2023-37014

HIGH CVSS 7.5 Jan 22, 2025

CVE-2023-37014 is a denial-of-service vulnerability in Open5GS MME where attackers can send malformed S1AP packets to crash the service. This affects cellular network operators using Open5GS MME versi...

CVE-2024-24427

HIGH CVSS 7.5 Jan 21, 2025

This vulnerability in Open5GS allows attackers to trigger a reachable assertion in the amf_ue_set_suci function via crafted NAS packets, causing a Denial of Service (DoS) that crashes the service. It ...

CVE-2024-24428

HIGH CVSS 7.5 Jan 21, 2025

A reachable assertion vulnerability in Open5GS's 5GMM decoding function allows attackers to cause denial of service by sending specially crafted NGAP packets. This affects Open5GS deployments up to ve...

CVE-2024-51179

HIGH CVSS 7.5 Nov 12, 2024

A denial-of-service vulnerability in Open5GS allows remote attackers to disrupt PDU session establishment by targeting NFV components like UPF and SMF. This affects Open5GS deployments handling 5G n...

CVE-2024-34475

HIGH CVSS 7.5 May 5, 2024

Open5GS versions before 2.7.1 contain a reachable assertion vulnerability in the AMF component that can be triggered by sending specially crafted NAS messages from a UE (User Equipment). This causes t...

CVE-2023-50020

HIGH CVSS 7.5 Jan 2, 2024

This vulnerability in Open5GS v2.6.6 allows attackers to crash the AMF (Access and Mobility Management Function) component by exploiting SIGPIPE signals. This affects systems running vulnerable versio...

CVE-2023-4882

HIGH CVSS 7.5 Oct 3, 2023

This CVE describes a denial-of-service vulnerability in Open5GS where an attacker can register a new Virtual Network Function (VNF) value that triggers execution of the args-abort.c file, causing the ...

CVE-2023-23846

HIGH CVSS 7.5 Feb 1, 2023

CVE-2023-23846 is a denial-of-service vulnerability in Open5GS GTP library where specially crafted GTPv1-U messages with zero-length extension headers cause infinite loops. This affects any system usi...

CVE-2021-44108

HIGH CVSS 7.5 Apr 5, 2022

This vulnerability in Open5GS allows remote attackers to cause a Denial of Service (DoS) by sending a specially crafted SBI request to the AMF component. The null pointer dereference causes the AMF se...

CVE-2021-44081

HIGH CVSS 7.5 Mar 29, 2022

A buffer overflow vulnerability in the Open5GS AMF component allows attackers to cause denial of service by sending specially crafted SUPI messages with MSIN exceeding 24 characters. This affects Open5GS ...

CVE-2021-45462

HIGH CVSS 7.5 Dec 23, 2021

CVE-2021-45462 is a denial-of-service vulnerability in Open5GS 2.4.0 where a malicious User Equipment (UE) can send a specially crafted packet to crash the SGW-U/UPF components. This affects 5G core n...

CVE-2021-41794

HIGH CVSS 7.5 Oct 7, 2021

This vulnerability in Open5GS allows remote attackers to execute arbitrary code or cause denial of service via a buffer overflow. Attackers can exploit it by sending a specially crafted PFCP Session E...

CVE-2026-2523

MEDIUM CVSS 5.3 Feb 16, 2026

This vulnerability in Open5GS SMF component allows remote attackers to trigger a reachable assertion via manipulated PDP context requests, potentially causing denial of service. It affects Open5GS dep...

CVE-2026-2522

MEDIUM CVSS 5.3 Feb 16, 2026

A memory corruption vulnerability in Open5GS MME component allows remote attackers to potentially crash the service or execute arbitrary code. This affects Open5GS deployments up to version 2.7.6. The...

CVE-2026-2062

MEDIUM CVSS 5.3 Feb 6, 2026

This CVE describes a null pointer dereference vulnerability in Open5GS PGW S5U Address Handler that can cause denial of service. Attackers can remotely trigger this vulnerability to crash affected Ope...

CVE-2026-1737

MEDIUM CVSS 5.3 Feb 2, 2026

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the CreateBearerRequest handler, potentially causing denial of service. Systems running Open5GS versions up to...

CVE-2026-1738

MEDIUM CVSS 5.3 Feb 2, 2026

CVE-2026-1738 is a reachable assertion vulnerability in Open5GS SGWC component that allows remote attackers to cause denial of service by manipulating PDR arguments. This affects Open5GS deployments u...

CVE-2026-1736

MEDIUM CVSS 5.3 Feb 2, 2026

A reachable assertion vulnerability in Open5GS SGWC component allows remote attackers to cause denial of service by sending specially crafted requests. This affects Open5GS deployments up to version 2...

CVE-2026-1586

MEDIUM CVSS 5.3 Jan 29, 2026

A denial-of-service vulnerability exists in Open5GS SGWC component where remote attackers can manipulate the ogs_gtp2_f_teid_to_ip function to crash the service. This affects Open5GS deployments up to...

CVE-2026-1587

MEDIUM CVSS 5.3 Jan 29, 2026

A denial-of-service vulnerability exists in Open5GS SGWC component where the sgwc_s11_handle_modify_bearer_request function can be remotely triggered to crash the service. This affects Open5GS deploym...

CVE-2026-1521

MEDIUM CVSS 5.3 Jan 28, 2026

A remote denial-of-service vulnerability exists in Open5GS SGWC component where manipulation of the sgwc_s5c_handle_bearer_resource_failure_indication function can crash the service. This affects all ...

CVE-2026-0622

MEDIUM CVSS 6.5 Jan 20, 2026

Open5GS WebUI uses a hard-coded JWT signing key ('change-me') when the JWT_SECRET_KEY environment variable is not set, allowing attackers to forge authentication tokens. This affects all deployments o...

CVE-2025-15539

MEDIUM CVSS 5.3 Jan 19, 2026

A denial-of-service vulnerability exists in Open5GS SGWC component where remote attackers can crash the service by sending malicious S11 protocol messages. This affects all Open5GS deployments up to v...

CVE-2025-15532

MEDIUM CVSS 5.3 Jan 17, 2026

CVE-2025-15532 is a resource consumption vulnerability in Open5GS's Timer Handler component that allows remote attackers to cause denial of service through resource exhaustion. This affects all Open5G...

CVE-2025-15531

MEDIUM CVSS 5.3 Jan 17, 2026

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the sgwc_bearer_add function, potentially causing denial of service. It affects Open5GS deployments up to vers...

CVE-2025-15530

MEDIUM CVSS 5.3 Jan 17, 2026

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the SGW-C component, potentially causing denial of service. The issue affects Open5GS deployments up to versio...

CVE-2025-15528

MEDIUM CVSS 5.3 Jan 16, 2026

A denial-of-service vulnerability exists in Open5GS's GTPv2 Bearer Response Handler component. Attackers can remotely crash affected systems by sending specially crafted network packets. This affects ...

CVE-2025-15529

MEDIUM CVSS 5.3 Jan 16, 2026

A denial-of-service vulnerability exists in Open5GS's SGWC component where remote attackers can manipulate the sgwc_s5c_handle_create_session_response function to crash the service. This affects all O...

CVE-2025-15176

MEDIUM CVSS 5.3 Dec 29, 2025

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the PFCP Session Establishment Request Handler by manipulating packets. This can cause denial of service by cr...

CVE-2025-55904

MEDIUM CVSS 4.0 Sep 17, 2025

Open5GS v2.7.5 is vulnerable to a NULL pointer dereference when receiving multipart/related HTTP POST requests with empty bodies to its Service-Based Interface (SBI). This causes a denial of service b...

CVE-2025-9405

MEDIUM CVSS 5.3 Aug 25, 2025

A reachable assertion vulnerability in Open5GS AMF component allows remote attackers to cause denial of service by triggering an assertion failure in the gmm_state_exception function. This affects Ope...

CVE-2025-8805

MEDIUM CVSS 5.3 Aug 10, 2025

A denial-of-service vulnerability exists in Open5GS SMF component where the smf_gsm_state_wait_pfcp_deletion function can be manipulated remotely to crash the service. This affects Open5GS deployments...

CVE-2025-8804

MEDIUM CVSS 5.3 Aug 10, 2025

This vulnerability in Open5GS AMF component allows remote attackers to trigger a reachable assertion via the ngap_build_downlink_nas_transport function, potentially causing denial of service. Affects ...

CVE-2025-8803

MEDIUM CVSS 5.3 Aug 10, 2025

This vulnerability in Open5GS AMF component allows remote attackers to cause denial of service by exploiting a flaw in the gmm_state_de_registered/gmm_state_exception functions. Systems running Open5G...

CVE-2025-8802

MEDIUM CVSS 5.3 Aug 10, 2025

A denial-of-service vulnerability in Open5GS SMF component allows remote attackers to crash the service by manipulating stream arguments in the smf_state_operational function. This affects all Open5GS...

CVE-2025-8801

MEDIUM CVSS 5.3 Aug 10, 2025

This vulnerability in Open5GS AMF component allows remote attackers to cause denial of service by exploiting a flaw in the gmm_state_exception function. Systems running Open5GS versions up to 2.7.5 ar...

CVE-2025-8800

MEDIUM CVSS 5.3 Aug 10, 2025

A denial-of-service vulnerability exists in Open5GS AMF component where the esm_handle_pdn_connectivity_request function can be manipulated by remote attackers. This affects Open5GS deployments up to ...

CVE-2025-5935

MEDIUM CVSS 5.3 Jun 10, 2025

A denial-of-service vulnerability in Open5GS AMF/MME component allows remote attackers to crash the service by manipulating the ran_ue_id argument in the common_register_state function. This affects O...

CVE-2025-5520

MEDIUM CVSS 5.3 Jun 3, 2025

A reachable assertion vulnerability in Open5GS AMF/MME components allows remote attackers to cause denial of service by triggering assertion failures in authentication state handling functions. This a...

CVE-2025-25774

MEDIUM CVSS 6.5 Mar 12, 2025

This vulnerability in Open5GS allows attackers to cause a denial of service by triggering a crash in the AMF component during specific handover scenarios. Attackers can disrupt 5G network services by ...

CVE-2025-1893

MEDIUM CVSS 4.3 Mar 4, 2025

A denial-of-service vulnerability in Open5GS AMF component allows a single malicious UE to crash the AMF service by exploiting the gmm_state_authentication function. This causes complete loss of mobil...

CVE-2024-24432

MEDIUM CVSS 5.3 Jan 22, 2025

This vulnerability in Open5GS allows attackers to trigger a reachable assertion in the ogs_kdf_hash_mme function by sending a specially crafted NAS packet, causing a Denial of Service (DoS) crash. It ...

CVE-2025-15418

LOW CVSS 3.3 Jan 2, 2026

A local denial-of-service vulnerability exists in Open5GS versions up to 2.7.6 where the ogs_gtp2_parse_bearer_qos function mishandles Bearer QoS IE Length, allowing an attacker with local access to c...

CVE-2025-14955

LOW CVSS 3.7 Dec 19, 2025

This vulnerability in Open5GS PFCP handler allows remote attackers to exploit improper initialization in the ogs_pfcp_handle_create_pdr function. It affects Open5GS deployments up to version 2.7.5, po...

CVE-2025-14954

LOW CVSS 3.7 Dec 19, 2025

This vulnerability in Open5GS allows remote attackers to trigger reachable assertions in PFCP (Packet Forwarding Control Protocol) handling functions, potentially causing denial of service. Affected a...

CVE-2025-14953

LOW CVSS 3.1 Dec 19, 2025

A null pointer dereference vulnerability in Open5GS's PFCP handler allows remote attackers to cause denial of service by crashing the service. This affects Open5GS deployments up to version 2.7.5 that...