Frankylin

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A flaw in the NSSF component allows a local attacker to cause a denial of service through manipulation of the `ogs sbi stream find by id()` function within the `/lib/sbi/nghttp2-server.c` library. **Recommendations** Update to a version later than 2.7.7. As a temporary workaround, restrict local access to the NSSF component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can occur in the NSSF component due to the manipulation of the `ogs sbi parse plmn list()` function located in the `/lib/sbi/conv.c` library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A flaw in the NSSF component allows a remote attacker to cause a denial of service through manipulation of the `nssf nnrf nsselection handle get from amf or vnssf()` function located in the `/src/nssf/nnssf-handler.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the NSSF component or the `nssf nnrf nsselection handle get from amf or vnssf()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote flaw exists in the `udm state operational()` function within the `/src/udm/udm-sm.c` file of the 'smf-registrations' endpoint. Manipulation of this component can lead to a denial of service. **Recommendations** As a temporary workaround, restrict access to the 'smf-registrations' endpoint or the `udm state operational()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A security flaw in the authentication-subscription component allows remote exploitation leading to a denial of service. The issue exists within the `udm nudr dr handle subscription authentication()` function located in the `/src/udm/nudr-handler.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered via the `udm nudm uecm handle amf registration update()` function within the `/src/udm/nudm-handler.c` file of the amf-3gpp-access endpoint. **Recommendations** As a temporary workaround, restrict access to the `udm nudm uecm handle amf registration update()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service issue exists in the AMF component. The problem is located in the `gmm handle service request()` function within the `/src/amf/gmm-handler.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `gmm handle service request()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered in the UDR component. The issue exists within the `ogs dbi subscription data()` function located in the `/lib/dbi/subscription.c` library, where manipulation of the `supi id` argument leads to the failure. **Recommendations** As a temporary workaround, restrict access to the `ogs dbi subscription data()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service issue exists in the UDR component. The problem occurs within the `udr nudr dr handle subscription context()` function located in the `/src/udr/nudr-handler.c` file. Manipulation of the `pei` variable allows a remote attacker to cause a denial of service. **Recommendations** As a temporary workaround, restrict access to the `udr nudr dr handle subscription context()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote resource consumption issue exists in the nf-instances endpoint. The problem occurs within the `handle amf info()` function located in the `/lib/sbi/nnrf-handler.c` library. A remote attacker can trigger this by manipulating the `nf info pool` argument. **Recommendations** Update to a version later than 2.7.7. As a temporary workaround, restrict access to the `handle amf info()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions through 2.7.6 **Description** A security issue has been identified in Open5GS. The issue involves memory corruption within an unknown function of the file `/src/mme/esm-build.c` of the MME component. This manipulation can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Versions prior to 2.7.7 should be updated.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.6 **Description** A flaw exists in Open5GS impacting the `sgwc s5c handle modify bearer response`/`sgwc sxa handle session modification response` function within the PGW S5U Address Handler component. This can lead to a null pointer dereference, potentially allowing for remote exploitation. The exploit is publicly available. **Recommendations** Apply the patch with identifier f1bbd7b57f831e2a070780a7d8d5d4c73babdb59.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.6 **Description** A flaw exists in Open5GS up to version 2.7.5 that can lead to a denial of service. The issue is located in the SGWC component, specifically within the `ogs gtp2 f teid to ip` function of the `/sgwc/s11-handler.c` file. This issue can be exploited remotely through manipulation. An exploit for this issue has been published. **Recommendations** Apply a patch to correct this issue.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.6 **Description** A flaw exists in Open5GS that can lead to a denial of service. The issue is located in the `sgwc s11 handle modify bearer request` function within the `/sgwc/s11-handler.c` file of the SGWC component. This issue can be triggered remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Apply a patch to address this vulnerability in versions up to 2.7.6.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.7 **Description** A flaw exists in Open5GS up to version 2.7.6 that can lead to a denial of service. The issue is located in the `sgwc s5c handle modify bearer response` function within the `src/sgwc/s5c-handler.c` file of the SGWC component. The vulnerability can be exploited remotely. The exploit is publicly available. **Recommendations** Apply patch b19cf6a to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions through 2.7.6 **Description** A flaw exists in Open5GS that can lead to a denial of service. The issue is located in the `sgwc s11 handle downlink data notification ack` function within the `src/sgwc/s11-handler.c` file of the `sgwc` component. The attack can be initiated remotely and has been publicly disclosed. **Recommendations** Deploy the patch b4707272c1caf6a7d4dca905694ea55557a0545f.

**Name of the Vulnerable Software and Affected Versions** Open5GS version 2.7.6 **Description** A flaw exists in Open5GS 2.7.6 that can lead to a denial of service. The issue is located within the `mme s11 handle create session response` function of the MME component. This manipulation can be initiated remotely. An exploit for this issue has been published. The project was notified of the problem but has not yet responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.