Known Vulnerabilities for products from Open5gs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Open5gs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-4988 json | A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of ... | Not Provided | 2026-03-27 | 2026-03-30 |
| CVE-2025-15555 json | A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_ma... | Not Provided | 2026-02-04 | 2026-04-07 |
| CVE-2023-23846 json | Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing ex... | 7.5 - HIGH | 2023-02-01 | 2023-02-08 |
| CVE-2023-4885 json | Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications res... | 5.9 - MEDIUM | 2023-10-03 | 2023-10-05 |
| CVE-2023-4884 json | An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the la... | 7.5 - HIGH | 2023-10-03 | 2023-10-05 |
| CVE-2023-4883 json | Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct o... | 7.5 - HIGH | 2023-10-03 | 2023-10-05 |
| CVE-2023-4882 json | DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trig... | 7.5 - HIGH | 2023-10-03 | 2023-10-05 |
| CVE-2022-43223 json | open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers ... | 7.5 - HIGH | 2022-11-01 | 2022-11-02 |
| CVE-2022-43222 json | open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attac... | 7.5 - HIGH | 2022-11-01 | 2022-11-02 |
| CVE-2022-43221 json | open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attac... | 7.5 - HIGH | 2022-11-01 | 2022-11-02 |
| CVE-2022-40890 json | A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. | 7.5 - HIGH | 2022-09-29 | 2022-10-03 |
| CVE-2022-39063 json | When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establ... | 7.5 - HIGH | 2022-09-16 | 2022-09-21 |
| CVE-2022-3354 json | A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code... | 7.5 - HIGH | 2022-09-28 | 2022-09-30 |
| CVE-2022-3299 json | A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an ... | 6.5 - MEDIUM | 2022-09-26 | 2022-10-03 |
| CVE-2021-45462 json | In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. | 7.5 - HIGH | 2021-12-23 | 2023-09-25 |
| CVE-2021-44109 json | A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafte... | 7.5 - HIGH | 2022-04-05 | 2022-04-13 |
| CVE-2021-44108 json | A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Servic... | 7.5 - HIGH | 2022-04-05 | 2022-04-13 |
| CVE-2021-44081 json | A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it... | 7.5 - HIGH | 2022-03-29 | 2022-04-05 |
| CVE-2021-41794 json | ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer over... | 7.5 - HIGH | 2021-10-07 | 2021-10-15 |
| CVE-2021-28122 json | A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthen... | 9.8 - CRITICAL | 2021-03-10 | 2022-07-12 |
Known software with vulnerabilities from Open5gs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Open5gs | Open5gs | 0.1.0 |