CVE-2023-37016
EUVD-2023-4093622.01.2025, 15:15
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Context Modification Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| open5gs | open5gs | 𝑥 ≤ 2.6.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References