Product

open5gs

154 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-8746
<= 2.7.7
A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library
4.3MEDIUM
CVE-2026-8745
<= 2.7.7
A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library
4.3MEDIUM
CVE-2026-8744
<= 2.7.7
A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_a
4.3MEDIUM
CVE-2026-8743
<= 2.7.6
A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/cont
6.3MEDIUM
CVE-2026-8731
<= 2.7.7
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.
4.3MEDIUM
CVE-2026-8730
<= 2.7.6
A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context
4.3MEDIUM
CVE-2026-8729
<= 2.7.7
A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the com
4.3MEDIUM
CVE-2026-8728
<= 2.7.7
A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_p
4.3MEDIUM
CVE-2026-8292
<= 2.7.7
A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the librar
4.3MEDIUM
CVE-2026-8291
<= 2.7.7
A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi
4.3MEDIUM
CVE-2026-8290
<= 2.7.7
A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of
4.3MEDIUM
CVE-2026-8289
<= 2.7.7
A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf
4.3MEDIUM
CVE-2026-8288
<= 2.7.7
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_desc
4.3MEDIUM
CVE-2026-8270
<= 2.7.7
A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the compone
4.3MEDIUM
CVE-2026-8269
<= 2.7.7
A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF.
4.3MEDIUM
CVE-2026-8268
<= 2.7.7
A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI_list_create of the component SMF. S
4.3MEDIUM
CVE-2026-8267
<= 2.7.7
A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the
4.3MEDIUM
CVE-2026-8266
<= 2.7.7
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the f
4.3MEDIUM
CVE-2026-8252
<= 2.7.7
A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the compone
4.3MEDIUM
CVE-2026-8251
<= 2.7.7
A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/sm
4.3MEDIUM
CVE-2026-8250
<= 2.7.7
A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file
4.3MEDIUM
CVE-2026-8249
<= 2.7.7
A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file
4.3MEDIUM
CVE-2026-8248
<= 2.7.7
A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of th
4.3MEDIUM
CVE-2026-8226
<= 2.7.7
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from
5.3MEDIUM
CVE-2026-8225
<= 2.7.7
A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the fil
5.3MEDIUM
CVE-2026-8224
<= 2.7.7
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file
5.3MEDIUM
CVE-2026-8223
<= 2.7.7
A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of
5.3MEDIUM
CVE-2026-8222
<= 2.7.7
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file sr
5.3MEDIUM
CVE-2026-8186
<= 2.7.7
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library
5.3MEDIUM
CVE-2026-8187
<= 2.7.7
A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the com
5.3MEDIUM
CVE-2026-8123
<= 2.7.7
A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the libra
4.3MEDIUM
CVE-2026-8122
<= 2.7.7
A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the libr
4.3MEDIUM
CVE-2026-8121
<= 2.7.7
A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library
4.3MEDIUM
CVE-2026-8120
<= 2.7.7
A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vn
4.3MEDIUM
CVE-2026-8119
<= 2.7.7
A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/ng
3.3LOW
CVE-2026-7587
<= 2.7.7
A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_s
4.3MEDIUM
CVE-2026-7586
<= 2.7.7
A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogs_id_get_value of the file /src/amf/nudm-handler
4.3MEDIUM
CVE-2026-7585
<= 2.7.7
A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned of the
4.3MEDIUM
CVE-2026-4988
all versions
A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the c
3.7LOW
CVE-2026-4240
< 2.7.7
A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aa
5.3MEDIUM
CVE-2026-2524
all versions
A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the compone
5.3MEDIUM
CVE-2026-2523
<= 2.7.6
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request
5.3MEDIUM
CVE-2026-2522
<= 2.7.6
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.
5.3MEDIUM
CVE-2026-2521
<= 2.7.6
A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of
5.3MEDIUM
CVE-2026-2517
<= 2.7.6
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the libr
5.3MEDIUM
CVE-2026-2062
<= 2.7.0
A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_h
5.3MEDIUM
CVE-2025-15555
<= 2.7.6
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb
7.3HIGH
CVE-2026-1738
<= 2.7.6
A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c
5.3MEDIUM
CVE-2026-1737
<= 2.7.6
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of
5.3MEDIUM
CVE-2026-1736
<= 2.7.6
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_f
5.3MEDIUM
CVE-2026-1587
<= 2.7.6
A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11_handle_modify_bearer_request
5.3MEDIUM
CVE-2026-1586
< 2.7.6
A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogs_gtp2_f_teid_to_ip of the file /sgwc/s11-handler.c of th
5.3MEDIUM
CVE-2026-1522
<= 2.7.6
A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_respo
5.3MEDIUM
CVE-2026-1521
<= 2.7.6
A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indi
5.3MEDIUM
CVE-2026-0622
<= 2.7.6
Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset
6.5MEDIUM
CVE-2025-15539
<= 2.7.6
A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of
5.3MEDIUM
CVE-2025-15532
<= 2.7.5
A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Hand
5.3MEDIUM
CVE-2025-15531
<= 2.7.5
A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgw
5.3MEDIUM
CVE-2025-15530
<= 2.7.6
A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwc_s11_handle_create_indirect_data_forwarding_t
5.3MEDIUM
CVE-2025-15529
<= 2.7.6
A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response o
5.3MEDIUM
CVE-2025-15528
<= 2.7.6
A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component
5.3MEDIUM
CVE-2025-15419
<= 2.7.6
A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_respo
3.3LOW
CVE-2025-15418
<= 2.7.6
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_q
3.3LOW
CVE-2025-15417
<= 2.7.6
A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file
3.3LOW
CVE-2025-15176
<= 2.7.5
A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the
5.3MEDIUM
CVE-2025-14955
<= 2.7.5
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the
3.7LOW
CVE-2025-14954
<= 2.7.5
A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/
3.7LOW
CVE-2025-14953
<= 2.7.5
A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler
3.1LOW
CVE-2025-65559
all versions
An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF cras
7.5HIGH
CVE-2025-63288
all versions
In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service.
7.5HIGH
CVE-2025-41068
< 2.7.5
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial o
7.5HIGH
CVE-2025-41067
< 2.7.5
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial o
7.5HIGH
CVE-2025-55904
< 2.7.6
Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multi
4.0MEDIUM
CVE-2025-52322
<= 2.7.2
An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request m
7.5HIGH
CVE-2025-52288
<= 2.7.5
Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management F
7.5HIGH
CVE-2025-9405
< 2.7.6
A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file s
5.3MEDIUM
CVE-2025-8805
< 2.7.6
A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of
5.3MEDIUM
CVE-2025-8804
< 2.7.6
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ngap_build_downlink_nas_transport
5.3MEDIUM
CVE-2025-8803
< 2.7.6
A vulnerability has been found in Open5GS up to 2.7.5. Affected is the function gmm_state_de_registered/gmm_state_exception of the
5.3MEDIUM
CVE-2025-8802
< 2.7.6
A vulnerability was determined in Open5GS up to 2.7.5. This vulnerability affects the function smf_state_operational of the file s
5.3MEDIUM
CVE-2025-8801
< 2.7.6
A vulnerability was found in Open5GS up to 2.7.5. This affects the function gmm_state_exception of the file src/amf/gmm-sm.c of th
5.3MEDIUM
CVE-2025-8800
< 2.7.6
A vulnerability has been found in Open5GS up to 2.7.5. Affected by this issue is the function esm_handle_pdn_connectivity_request
5.3MEDIUM
CVE-2025-8799
< 2.7.6
A vulnerability was identified in Open5GS up to 2.7.5. Affected by this vulnerability is the function amf_npcf_am_policy_control_b
5.3MEDIUM
CVE-2025-8698
<= 2.7.5
A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusess
3.3LOW
CVE-2025-7485
< 2.7.6
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_re
3.3LOW
CVE-2025-6952
< 2.7.6
A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_s
3.3LOW
CVE-2025-29646
<= 2.7.2
An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstab
7.1HIGH
CVE-2025-44952
<= 2.7.2
A missing length check in ogs_pfcp_subnet_add function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier,
7.8HIGH
CVE-2025-44951
<= 2.7.2
A missing length check in ogs_pfcp_dev_add function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, al
7.1HIGH
CVE-2025-5935
< 2.7.6
A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the funct
5.3MEDIUM
CVE-2025-5520
>= 2.7.0 and <= 2.7.3
A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authen
5.3MEDIUM
CVE-2025-5501
<= 2.7.3
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_ha
5.3MEDIUM
CVE-2025-29339
<= 2.7.2
An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validati
7.5HIGH
CVE-2025-25774
all versions
An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it
6.5MEDIUM
CVE-2025-1925
<= 2.7.2
A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsm
5.3MEDIUM
CVE-2025-1893
<= 2.7.2
A vulnerability was found in Open5GS up to 2.7.2. It has been declared as problematic. Affected by this vulnerability is the funct
4.3MEDIUM
CVE-2024-56921
all versions
An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to inc
7.5HIGH
CVE-2024-57519
all versions
An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/su
7.5HIGH
CVE-2024-24429
<= 2.6.4
A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (D
8.6HIGH
CVE-2024-34235
<= 2.6.4
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inte
8.6HIGH
CVE-2024-24432
<= 2.6.4
A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via
5.3MEDIUM
CVE-2024-24430
<= 2.6.4
A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS)
7.5HIGH
CVE-2023-37023
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its `MM
8.6HIGH
CVE-2023-37022
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the UE Context Release Request packet handler. A packet containin
7.5HIGH
CVE-2023-37021
<= 2.6.4
Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
8.6HIGH
CVE-2023-37020
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
8.6HIGH
CVE-2023-37019
<= 2.6.4
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inte
8.6HIGH
CVE-2023-37018
<= 2.6.4
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inte
8.6HIGH
CVE-2023-37017
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
8.6HIGH
CVE-2023-37016
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
8.6HIGH
CVE-2023-37015
<= 2.6.4
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inte
8.6HIGH
CVE-2023-37014
<= 2.6.4
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inte
7.5HIGH
CVE-2023-37013
<= 2.6.4
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the
7.3HIGH
CVE-2023-37012
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
5.3MEDIUM
CVE-2023-37011
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
6.3MEDIUM
CVE-2023-37010
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
6.3MEDIUM
CVE-2023-37009
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
6.3MEDIUM
CVE-2023-37008
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer ove
5.3MEDIUM
CVE-2023-37007
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
5.3MEDIUM
CVE-2023-37006
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
5.3MEDIUM
CVE-2023-37005
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
5.3MEDIUM
CVE-2023-37004
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
5.3MEDIUM
CVE-2023-37003
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
5.3MEDIUM
CVE-2023-37002
<= 2.6.4
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP inter
5.3MEDIUM
CVE-2024-24428
<= 2.6.4
A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS)
7.5HIGH
CVE-2024-24427
<= 2.6.4
A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via
7.5HIGH
CVE-2024-24431
all versions
A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via
7.5HIGH
CVE-2024-51179
all versions
An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs)
7.5HIGH
CVE-2024-40130
all versions
open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.
9.8CRITICAL
CVE-2024-40129
all versions
Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
9.8CRITICAL
CVE-2024-33382
all versions
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration
5.3MEDIUM
CVE-2024-34476
< 2.7.1
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encryp
5.3MEDIUM
CVE-2024-34475
< 2.7.1
Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_auth
7.5HIGH
CVE-2023-50020
all versions
An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.
7.5HIGH
CVE-2023-50019
all versions
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to inc
5.9MEDIUM
CVE-2023-4885
<= 2.4.10
Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resultin
6.5MEDIUM
CVE-2023-4884
<= 2.4.10
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of
6.5MEDIUM
CVE-2023-4883
<= 2.4.10
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operati
7.5HIGH
CVE-2023-4882
<= 2.4.10
DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger t
7.5HIGH
CVE-2023-23846
< 2.4.13
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extensi
7.5HIGH
CVE-2022-43223
all versions
open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to ca
7.5HIGH
CVE-2022-43222
all versions
open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers
7.5HIGH
CVE-2022-43221
all versions
open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers
7.5HIGH
CVE-2022-40890
<= 2.4.10
A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service.
7.5HIGH
CVE-2022-3354
<= 2.4.10
A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in t
3.5LOW
CVE-2022-3299
>= 2.4.0 and <= 2.4.10
A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unkno
4.3MEDIUM
CVE-2022-39063
<= 2.4.9
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishme
7.5HIGH
CVE-2021-44109
<= 2.3.6
A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi
7.5HIGH
CVE-2021-44108
<= 2.3.6
A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via
7.5HIGH
CVE-2021-44081
all versions
A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it lead
7.5HIGH
CVE-2021-45462
all versions
In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.
7.5HIGH
CVE-2021-41794
>= 1.0.0 and <= 2.3.3
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow.
7.5HIGH
CVE-2021-28122
>= 2.1.3 and <= 2.2.0
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticat
9.8CRITICAL
CVE-2021-25863
all versions
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
8.8HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin