Linziyu

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote flaw in the `ogs pcc rule install flow from media()` function within the `/lib/proto/types.c` library allows for denial of service through flow manipulation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `ogs pcc rule install flow from media()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A flaw in the SMF component allows remote attackers to cause a denial of service. The issue exists within the `update authorized pcc rule and qos()` function located in the `/src/smf/npcf-handler.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `update authorized pcc rule and qos()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service issue exists in the SMF component. The flaw is located in the `update authorized pcc rule and qos()` function within the `/src/smf/npcf-handler.c` file. An attacker can remotely manipulate this function to cause the system to become unavailable. **Recommendations** Update to a version later than 2.7.7. As a temporary workaround, restrict access to the SMF component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dotouch XproUPF version 2.0.0-release-088aa7c4 **Description** An issue in the UPF component involves improper access controls. Exploiting this flaw requires a high degree of complexity and is considered difficult to execute. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered in the PCF component via the `pcf sess set ipv6prefix()` function located in the `/src/pcf/context.c` file. This occurs through the manipulation of the `SmPolicyContextData.ipv6AddressPrefix` argument. **Recommendations** Update to a version later than 2.7.7. As a temporary workaround, restrict access to the `pcf sess set ipv6prefix()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered via the 'delete' endpoint. The issue exists within the `pcf npcf smpolicycontrol handle delete()` function located in the `src/pcf/sm-sm.c` file. **Recommendations** Update to a version later than 2.7.7. As a temporary workaround, restrict access to the 'delete' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered in the sm-policies endpoint. The issue exists within the `pcf nbsf management handle register()` function located in the `src/pcf/nbsf-handler.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A denial of service issue exists in the `pcf sess sbi discover and send()` function of the sm-policies endpoint. A remote attacker can trigger this condition through manipulation, causing the service to become unavailable. **Recommendations** Update to a version newer than 2.7.7. As a temporary workaround, restrict access to the sm-policies endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service issue exists in the NSSF component. The flaw is located in the `ogs sbi discovery option add service names()` function within the `/lib/sbi/message.c` library, where specific manipulation can cause the system to crash or become unavailable. **Recommendations** As a temporary workaround, restrict access to the NSSF component or the `ogs sbi discovery option add service names()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered in the NSSF component. The issue exists within the `ogs sbi discovery option add snssais()` function located in the `/lib/sbi/message.c` library. **Recommendations** Update to a version later than 2.7.7. As a temporary workaround, restrict access to the NSSF component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.7 **Description** An issue exists in Open5GS up to version 2.7.6 related to the `smf gn handle create pdp context request` function within the SMF component, specifically in the file /src/smf/gn-handler.c. The manipulation of this function results in a reachable assertion. The attack can be launched remotely. The exploit is publicly available. **Recommendations** Update Open5GS to version 2.7.7 or later. As a temporary workaround, consider restricting access to the `smf gn handle create pdp context request` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.7 **Description** A flaw exists in Open5GS up to version 2.7.6 related to the `sgwc s5c handle create session response` function within the SGW-C component. A manipulation can lead to memory corruption and may be performed remotely. The exploit has been publicly released. The project was notified of the issue but has not yet responded. **Recommendations** Update to version 2.7.7 or later. As a temporary workaround, consider restricting access to the `sgwc s5c handle create session response` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Free5GC versions prior to 4.1.1 **Description** A security flaw exists in Free5GC up to version 4.1.0. The issue resides in the `identityTriggerType` function within the `pfcp reports.go` file, leading to a null pointer dereference. This can be exploited remotely. The exploit has been publicly released and may be used in attacks. **Recommendations** Versions prior to 4.1.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** Free5GC versions prior to 4.1.1 **Description** A flaw exists in Free5GC up to version 4.1.0 within the SessionDeletionResponse function of the SMF component. This issue results in a null pointer dereference, potentially allowing for remote exploitation. The exploit for this issue has been publicly released. **Recommendations** Install a patch to address this issue.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.6 **Description** A security issue exists in Open5GS that may allow for remote manipulation leading to a reachable assertion. The issue is located in the `sgwc s11 handle create indirect data forwarding tunnel request` function within the `/src/sgwc/s11-handler.c` file of the SGWC component. The exploit has been publicly disclosed. **Recommendations** Apply a patch to remediate this issue.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.6 **Description** A flaw exists in Open5GS, specifically within the `sgwc s5c handle create bearer request` function located in the `/src/sgwc/s5c-handler.c` file, part of the CreateBearerRequest Handler component. Manipulation of input can trigger a reachable assertion. Remote exploitation is possible. The issue is reported as already fixed and the exploit is publicly available. **Recommendations** Deploy a patch to address this issue.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions through 2.7.6 **Description** A security flaw exists in Open5GS, potentially leading to a denial of service. The issue resides within the `sgwc s5c handle bearer resource failure indication` function located in the `src/sgwc/s5c-handler.c` file of the SGWC component. Manipulation of this function can trigger the denial of service. The attack can be initiated remotely, and an exploit has been publicly released. **Recommendations** Apply the patch 69b53add90a9479d7960b822fc60601d659c328b to fix this issue.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.5 **Description** A flaw exists in Open5GS up to version 2.7.5 related to the `sgwc bearer add` function within the `src/sgwc/context.c` file. This manipulation can trigger a reachable assertion. The issue is remotely exploitable and a public exploit exists. The issue is reported as already-fixed. **Recommendations** Update to a version later than 2.7.5. As a temporary workaround, consider restricting the use of the `sgwc bearer add` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.7 **Description** A flaw exists in Open5GS up to version 2.7.6. A manipulation of the `sgwc s11 handle create indirect data forwarding tunnel request` function within the `/src/sgwc/s11-handler.c` file can lead to a reachable assertion. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** Update to Open5GS version 2.7.7 or later.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions 2.7.0 through 2.7.6 **Description** A security issue exists in Open5GS that can lead to a denial of service. The issue is related to the `ogs gtp2 parse tft` function within the `lib/gtp/v2/types.c` library of the SMF component. Manipulating the `pf[0].content.length` argument can cause the service to crash. The issue is remotely exploitable and an exploit has been publicly released. **Recommendations** Open5GS versions 2.7.0 through 2.7.6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.