CVE-2023-37008 - CERT CVE
ID CVE-2023-37008
Sažetak Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances.
Reference
CVSS
Base: 5.3
Impact: 3.4
Exploitability:1.8
Pristup
VektorSloženostAutentikacija
LOCAL LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW LOW
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Zadnje važnije ažuriranje 28-01-2025 - 22:15
Objavljeno 22-01-2025 - 15:15