CVE-2024-24431
https://notcve.org/view.php?id=CVE-2024-24431
A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. • https://cellularsecurity.org/ransacked https://open5gs.org •
CVE-2024-24447
https://notcve.org/view.php?id=CVE-2024-24447
A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list. • https://cellularsecurity.org/ransacked https://openairinterface.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-24449
https://notcve.org/view.php?id=CVE-2024-24449
An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF. • https://cellularsecurity.org/ransacked https://openairinterface.org •
CVE-2024-24450
https://notcve.org/view.php?id=CVE-2024-24450
Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource Setup Response with a suffciently large FailedToSetupList IE. • https://cellularsecurity.org/ransacked https://openairinterface.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-24452
https://notcve.org/view.php?id=CVE-2024-24452
An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. • http://athonet.com https://cellularsecurity.org/ransacked • CWE-125: Out-of-bounds Read •