Shovon0203

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.1.2 **Description** A flaw in the NGSetupRequest Handler component allows for remote memory corruption, which occurs when memory is unintentionally modified, potentially leading to system instability or crashes. **Recommendations** Apply the available patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.1.2 **Description** An issue exists in the PathSwitchRequest Handler component where manipulation of an unknown functionality can lead to memory corruption. This flaw allows for remote attacks. **Recommendations** Apply the patch to correct the issue for versions prior to 2.1.2.

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.1.2 **Description** A flaw in the `PDUSessionResourceModifyIndication()` function within the `/go/src/amf/ngap/handler.go` file can lead to memory corruption. This issue allows for remote exploitation. **Recommendations** Apply the available patch to resolve the issue. As a temporary workaround, restrict access to the `PDUSessionResourceModifyIndication()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.1.2 **Description** A memory corruption issue exists in the NGReset Message Handler component. A remote attacker can trigger this condition through specific manipulation of the system. **Recommendations** Apply the available patch to resolve the issue in versions prior to 2.1.2.

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.2.0 **Description** A remote attack can lead to a null pointer dereference, which occurs when a program attempts to read or write to a memory location that is null. This issue impacts the `UERadioCapabilityCheckResponse()` function within the `ngap/dispatcher.go` file. **Recommendations** Update to version 2.2.0.

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.2.0 **Description** A flaw in the `RANConfiguration()` function within the ngap/handler.go file allows for a remote null pointer dereference, which occurs when a program attempts to read or write to a memory location that is null. **Recommendations** Update to version 2.2.0.

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.2.0 **Description** A memory corruption issue exists in the `NGSetupRequest()` function within the `ngap/handler.go` file. A remote attacker can trigger this by manipulating the `InformationElement` argument. **Recommendations** Upgrade to version 2.2.0.

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.2.0 **Description** A memory corruption issue exists in the NGAP Message Handler component, specifically within an unknown function of the `ngap/dispatcher.go` file. This flaw allows a remote attacker to cause memory corruption through manipulation. **Recommendations** Upgrade to version 2.2.0.

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.2.0 **Description** A weakness in the NGAP Message Handler component, specifically within the `ngap/handler.go` file, allows for a null pointer dereference (a situation where the software attempts to read a memory location that is null, leading to a crash). This issue can be exploited remotely. **Recommendations** Upgrade to version 2.2.0.

**Name of the Vulnerable Software and Affected Versions** omec-project amf versions prior to 2.1.2 **Description** A flaw in the NGAP Message Handler component allows a remote attacker to cause memory corruption through manipulation. **Recommendations** Apply patch 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa to resolve the issue.

Name of the Vulnerable Software and Affected Versions Free5GC version 4.2.0 Description A flaw exists in Free5GC 4.2.0 within the NGSetupRequest Handler component, potentially leading to a denial of service. The attack can be initiated remotely. The exploit is publicly available. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Free5GC version 4.1.0 **Description** A weakness exists in the `HandleRegistrationComplete` function within the `internal/gmm/handler.go` file of the AMF component. Exploitation can lead to a denial of service. The attack can be performed remotely. **Recommendations** Apply patch 52e9386401ce56ea773c5aa587d4cdf7d53da799.