CVE-2024-24449
https://notcve.org/view.php?id=CVE-2024-24449
An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF. • https://cellularsecurity.org/ransacked https://openairinterface.org •
CVE-2024-24450
https://notcve.org/view.php?id=CVE-2024-24450
Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource Setup Response with a suffciently large FailedToSetupList IE. • https://cellularsecurity.org/ransacked https://openairinterface.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-24452
https://notcve.org/view.php?id=CVE-2024-24452
An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. • http://athonet.com https://cellularsecurity.org/ransacked • CWE-125: Out-of-bounds Read •
CVE-2024-24453
https://notcve.org/view.php?id=CVE-2024-24453
An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. • http://athonet.com https://cellularsecurity.org/ransacked • CWE-125: Out-of-bounds Read •
CVE-2024-24454
https://notcve.org/view.php?id=CVE-2024-24454
An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. • http://athonet.com https://cellularsecurity.org/ransacked • CWE-125: Out-of-bounds Read •