Latest free5gc free5gc Vulnerabilities

CVE-2023-49391
An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message.
go/github.com/free5gc/amf<=1.2.0
Free5gc Free5gc=3.3.0
CVE-2023-47025
An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.
go/github.com/free5gc/free5gc<=3.3.0
Free5gc Free5gc=3.3.0
CVE-2023-47345
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutat...
go/github.com/free5gc/free5gc<=3.3.0
Free5gc Free5gc=3.3.0
CVE-2023-47347
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.
Free5gc Free5gc=3.3.0
CVE-2023-47346
Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages.
Free5gc Free5gc=3.3.0
Free5gc Smf=1.2.0
Free5gc Upf=1.2.0
CVE-2023-4659
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It...
Free5gc Free5gc=1.1.1
CVE-2022-38871
In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.
Free5gc Free5gc=3.0.5
CVE-2022-38870
Free5gc v3.2.1 is vulnerable to Information disclosure.
Free5gc Free5gc=3.2.1
CVE-2022-43677
In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in `aper.GetBitString`.
Free5gc Free5gc=3.2.1
go/github.com/free5gc/free5gc<=3.2.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203