Liuxiaoxinxinxin

**Name of the Vulnerable Software and Affected Versions** Open5GS version 2.6.4 **Description** The issue is related to a Buffer Overflow. It affects the /lib/pfcp/context.c file. **Recommendations** For Open5GS version 2.6.4, consider restricting access to the vulnerable file /lib/pfcp/context.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** open5gs version 2.6.4 **Description** The issue is related to a Buffer Overflow. It affects the /lib/core/abts.c file. **Recommendations** For open5gs version 2.6.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS version 2.7.0 **Description** An issue in Open5GS allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration. **Recommendations** For Open5GS version 2.7.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** open5gs version 2.6.6 **Description** An issue was discovered in open5gs where the InitialUEMessage, specifically a registration request sent at a certain time, can cause the AMF to crash due to incorrect error handling of the Nudm UECM Registration response. **Recommendations** For open5gs version 2.6.6, as a temporary workaround, consider disabling the `InitialUEMessage` function until a patch is available. Restrict access to the `Nudm UECM Registration` response to minimize the risk of exploitation. Avoid using the `Registration request` at specific times when the error handling issue is most pronounced. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** open5gs version 2.6.6 **Description** An issue was discovered in open5gs where SIGPIPE can be used to crash AMF. **Recommendations** For open5gs version 2.6.6, as a temporary workaround, consider disabling the use of SIGPIPE until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.