CVE-2023-37013
22.01.2025, 15:15
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service.Enginsight
| Vendor | Product | Version |
|---|---|---|
| open5gs | open5gs | 𝑥 ≤ 2.6.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References