Linju

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can occur in the NRF component due to the manipulation of the `target-plmn-list` argument. The issue resides within the `ogs sbi discovery option parse plmn list()` function located in the `/lib/sbi/conv.c` library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered in the NRF component via the `/lib/sbi/message.c` library. The issue occurs when the `service-names/snssais` argument is manipulated. **Recommendations** Update to a version newer than 2.7.7. As a temporary workaround, restrict access to the NRF component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.7 **Description** A flaw in the NRF component of Open5GS allows a remote attacker to cause a denial of service. This occurs through the manipulation of the `nfInstanceId` argument within the `ogs sbi nf instance set id()` function located in the `/lib/sbi/context.c` library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service issue exists in the NRF component. The problem occurs within the `ogs sbi client add()` function located in the `/lib/sbi/client.c` library. Manipulation of the `client pool` argument allows a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A weakness in the NRF component allows a remote attacker to cause a denial of service. The issue exists within the `ogs nnrf nfm handle nf profile()` function located in the `lib/sbi/nnrf-handler.c` file. **Recommendations** As a temporary workaround, restrict access to the `ogs nnrf nfm handle nf profile()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered in the NRF component via the `yuarel parse()` function located in the `/lib/sbi/conv.c` library. This occurs through the manipulation of the `hnrf-uri` argument. **Recommendations** Update to a version later than 2.7.7. As a temporary workaround, restrict access to the NRF component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A flaw in the SMF component allows a remote attacker to cause a denial of service. The issue exists within the `smf nsmf handle update data in vsmf()` function located in the `/src/smf/nsmf-handler.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `smf nsmf handle update data in vsmf()` function to minimize the risk of exploitation.