Zhenghaohello

Name of the Vulnerable Software and Affected Versions: Open5GS versions prior to 2.7.3 Description: An issue in Open5GS allows a remote attacker to cause a denial of service by sending a crafted Create Session Request message to the SMF (PGW-C), utilizing the IP address of a legitimate UE in the PDN Address Allocation (PAA) field. Recommendations: Upgrade to version 2.7.3 or later.

Name of the Vulnerable Software and Affected Versions: Open5GS versions through 2.7.5 Description: An assertion failure in the `ngap build downlink nas transport` function within the `src/amf/ngap-build.c` file, part of the Access and Mobility Management Function (AMF) component, can lead to a denial of service or other unspecified impacts. This issue is triggered by repeated User Equipment (UE) connect and disconnect message sequences. Recommendations: Update to a version beyond 2.7.5.

**Name of the Vulnerable Software and Affected Versions** Open5GS UPF versions up to v2.7.2 **Description** The issue results in an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with `PDN Type` = 0, the UPF fails to handle the invalid value, triggering a fatal assertion check and causing a daemon crash. **Recommendations** For Open5GS UPF versions up to v2.7.2, update to a version later than v2.7.2 to resolve the issue. As a temporary workaround, consider restricting the `PDN Type` parameter in the PFCP Session Establishment Request to prevent the assertion failure.