CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34473
https://notcve.org/view.php?id=CVE-2024-34473
04 May 2024 — An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components. Se descubrió un problema en appmgr en O-RAN Near-RT RIC I-Release. Un atacante podría registrar un tipo de mensaje RMR no deseado durante el registro de xApp para interrumpir otros componentes del servicio. • https://jira.o-ran-sc.org/browse/RIC-1055 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34048
https://notcve.org/view.php?id=CVE-2024-34048
29 Apr 2024 — O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. O-RAN RIC I-Release e2mgr carece de comprobaciones de tamaño de matriz en E2nodeConfigUpdateNotificationHandler. • https://gerrit.o-ran-sc.org/r/c/ric-plt/e2mgr/+/12629 • CWE-129: Improper Validation of Array Index •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34045
https://notcve.org/view.php?id=CVE-2024-34045
29 Apr 2024 — The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). La función de incremento métrico de O-RAN E2T I-Release Prometheus puede fallar en sctpThread.cpp para message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). • https://jira.o-ran-sc.org/browse/RIC-1047 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34046
https://notcve.org/view.php?id=CVE-2024-34046
29 Apr 2024 — The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). La función de incremento métrico de O-RAN E2T I-Release Prometheus puede fallar en sctpThread.cpp para message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). • https://jira.o-ran-sc.org/browse/RIC-1047 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42358
https://notcve.org/view.php?id=CVE-2023-42358
03 Jan 2024 — An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. Se descubrió un problema en O-RAN Software Community ric-plt-e2mgr en el entorno G-Release, que permite a atacantes remotos provocar una denegación de servicio (DoS) a través de una solicitud manipulada al componente API de E2Manager. • https://jira.o-ran-sc.org/browse/RIC-1009 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41627
https://notcve.org/view.php?id=CVE-2023-41627
01 Sep 2023 — O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. O-RAN Software Community ric-plt-lib-rmr v4.9.0 no valida la fuente de las tablas de enrutamiento que recibe, permitiendo potencialmente a los atacantes enviar tablas de enrutamiento falsificadas al dispositivo. • https://jira.o-ran-sc.org/browse/RIC-1001 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41628
https://notcve.org/view.php?id=CVE-2023-41628
01 Sep 2023 — An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components. Un problema en O-RAN Software Community E2 G-Release permite a los atacantes provocar una denegación de servicio (DoS) iniciando incorrectamente el procedimiento de mensajería entre los componentes "E2Node" y "E2Term". • https://jira.o-ran-sc.org/browse/RIC-1002 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40997
https://notcve.org/view.php?id=CVE-2023-40997
28 Aug 2023 — Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. • https://jira.o-ran-sc.org/browse/RIC-991 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40998
https://notcve.org/view.php?id=CVE-2023-40998
28 Aug 2023 — Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. • https://jira.o-ran-sc.org/browse/RIC-989 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •