Description
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service.
Published: 2025-01-22
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://cellularsecurity.org/ransacked cve-icon cve-icon
History

Tue, 22 Apr 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Open5gs
Open5gs open5gs
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs

Thu, 06 Feb 2025 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-617
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 22 Jan 2025 15:00:00 +0000

Type Values Removed Values Added
Description Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `S1Setup Request` message missing a required `Supported TAs` field to repeatedly crash the MME, resulting in denial of service.
References

Subscriptions

Open5gs Open5gs
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-02-06T21:30:46.752Z

Reserved: 2023-06-28T00:00:00.000Z

Link: CVE-2023-37019

cve-icon Vulnrichment

Updated: 2025-01-22T16:52:02.536Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-22T15:15:11.510

Modified: 2025-04-22T17:15:09.457

Link: CVE-2023-37019

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses