CVE-2023-37022

High

7.5/10

Summary

Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

References

Advisory Timeline

Published Jan 22, 2025

CVE-2023-37022

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS