Sq0409

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.5 **Description** A problematic issue exists in Open5GS related to the `amf nsmf pdusession handle release sm context` function within the `src/amf/nsmf-handler.c` file of the AMF Service component. The issue leads to a reachable assertion when triggered. Local access is required for exploitation. The exploit has been publicly disclosed. **Recommendations** Apply the patch 66bc558e417e70ae216ec155e4e81c14ae0ecf30 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.3 Description: A problematic issue exists in Open5GS related to the SCTP Partial Message Handler component. The `ngap recv handler/s1ap recv handler/recv handler` function is susceptible to a reachable assertion due to manipulation. This issue requires local access for exploitation. Recommendations: Apply the patch cfa44575020f3fb045fd971358442053c8684d3d to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.5 Description: A problematic issue has been found in Open5GS, affecting the `amf state operational` function of the file `src/amf/amf-sm.c` in the AMF Service component. This issue leads to a reachable assertion and can be exploited locally. Recommendations: For Open5GS versions up to 2.7.5, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the `amf state operational` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.3 **Description** A vulnerability was found in the function `common register state` of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument `ran ue id` leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, it is recommended to apply a patch to the affected versions of Open5GS. For Open5GS versions up to 2.7.3, apply the patch with the identifier 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. As a temporary workaround, consider disabling the `common register state` function until a patch is available. Restrict access to the vulnerable component AMF/MME to minimize the risk of exploitation. Avoid using the argument `ran ue id` in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.3 **Description** A vulnerability was found in the function `ngap handle path switch request transfer` of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, apply the patch named 2daa44adab762c47a8cef69cc984946973a845b3 for versions up to 2.7.3. As a temporary workaround, consider disabling the `ngap handle path switch request transfer` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.3 **Description** A vulnerability was found in the function `gmm state authentication/emm state authentication` of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. **Recommendations** For Open5GS versions up to 2.7.3, apply a patch to fix this issue, specifically the patch with the name 9f5d133657850e6167231527514ee1364d37a884. As a temporary workaround, consider disabling the `gmm state authentication/emm state authentication` function until a patch is available.