Ziyulin

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A use after free flaw exists in the NRF component within the `discover handler()` function located in the `/lib/sbi/nghttp2-server.c` library. This issue allows a remote attacker to manipulate the system, potentially leading to a crash or unauthorized code execution. Use after free occurs when an application continues to use a pointer after it has been freed, which can corrupt memory. **Recommendations** Update to a version newer than 2.7.7. As a temporary workaround, restrict access to the NRF component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A flaw in the NRF component of the library `/lib/sbi/context.c` allows a remote attacker to cause a denial of service. The issue exists within the `ogs sbi subscription data add()` and `ogs sbi nf service add()` functions. **Recommendations** Apply patch 819db11a08b9736a3576c4f99ceb28f7eb99523a to remediate the issue. As a temporary workaround, restrict access to the `ogs sbi subscription data add()` and `ogs sbi nf service add()` functions.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered in the AUSF component. The issue exists within the `ogs timer add()` function located in the `/src/ausf/nausf-handler.c` library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `ogs timer add()` function in the AUSF component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dotouch XproUPF version 2.0.0-release-088aa7c4 **Description** A denial of service issue exists in the UPF Process component. The problem is located in the `vlib worker loop()` function within the `/usr/xpro/upf/tools/libs/libvlib.so` library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dotouch XproUPF version 2.0.0-release-088aa7c4 **Description** An issue in the UPF component involves improper access controls. Exploiting this flaw requires a high degree of complexity and is considered difficult to execute. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A flaw in the BSF component allows a remote attacker to cause a denial of service. The issue exists within the `bsf sess find by ipv6prefix()` function located in the `/src/bsf/context.c` file, where improper manipulation of the `ipv6Prefix` argument triggers the condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the BSF component or avoid using the `ipv6Prefix` argument in the `bsf sess find by ipv6prefix()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered through the manipulation of the `amf nudm sdm handle provisioned()` function located in the `/src/amf/nudm-handler.c` file within the AMF component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `amf nudm sdm handle provisioned()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A weakness in the AMF component allows remote exploitation leading to a denial of service. The issue resides in the `ogs id get value()` function within the `/src/amf/nudm-handler.c` file. **Recommendations** As a temporary workaround, consider restricting access to the `ogs id get value()` function in the AMF component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered in the AMF component. The issue exists within the `amf nsmf pdusession handle update sm context()` function located in the `/src/amf/nsmf-handler.c` file. **Recommendations** As a temporary workaround, consider restricting access to the `amf nsmf pdusession handle update sm context()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered by manipulating the `ueContextId` argument. This issue occurs within the `amf namf comm handle registration status update request()` function located in the `/lib/app/ogs-init.c` library, specifically affecting the '/namf-comm/v1/ue-contexts/{ueContextId}/transfer-update' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/namf-comm/v1/ue-contexts/{ueContextId}/transfer-update' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service can be triggered in the BSF component through the manipulation of the `ipv4Addr` argument. This issue occurs within the `bsf sess add by ip address()` function located in the '/nbsf-management/v1/pcfBindings' endpoint. **Recommendations** Update to a version newer than 2.7.7. As a temporary workaround, restrict access to the '/nbsf-management/v1/pcfBindings' endpoint or limit the use of the `ipv4Addr` parameter.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A flaw in the AMF SBI Endpoint allows a remote attacker to cause a denial of service. The issue exists within the `amf namf callback handle sdm data change notify()` function, specifically affecting the "/namf-callback/v1/{id}/sdmsubscription-notify" endpoint. The problem is triggered by the manipulation of the `changeItem.newValue` argument. **Recommendations** Update to a version later than 2.7.7. As a temporary workaround, restrict access to the "/namf-callback/v1/{id}/sdmsubscription-notify" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A security flaw in the ue-authentications endpoint allows a remote attacker to cause a denial of service. The issue exists within the `ogs sbi xact add()` function located in the `/lib/core/ogs-timer.c` library. **Recommendations** Apply a patch to resolve the issue for versions prior to 2.7.8. As a temporary workaround, restrict access to the `ogs sbi xact add()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A weakness in the library `/lib/sbi/nghttp2-server.c` affects the `ogs pool id calloc()` function. A remote attacker can perform a manipulation that leads to a denial of service. **Recommendations** Apply a patch to resolve the issue for versions prior to 2.7.8. As a temporary workaround, restrict access to the `ogs pool id calloc()` function in the `/lib/sbi/nghttp2-server.c` library to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** An out-of-bounds write can be triggered remotely within the Shared NF-profile Parser component. The issue resides in the `handle scp info()` function located in the `lib/sbi/nnrf-handler.c` library. **Recommendations** Deploy a patch for versions prior to 2.7.8. As a temporary workaround, restrict access to the `handle scp info()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** A remote denial of service issue exists within the Shared NF-profile Parser component, specifically affecting the `lib/sbi/nnrf-handler.c` library. Manipulation of this component allows a remote attacker to cause the system to become unavailable. **Recommendations** Apply the patch to correct the issue for versions prior to 2.7.8.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.8 **Description** An issue exists in the Shared NF-profile Parser component within the `lib/sbi/nnrf-handler.c` library. Remote manipulation of an unknown functionality in this library can lead to a denial of service. **Recommendations** Apply the available patch to versions prior to 2.7.8.

**Name of the Vulnerable Software and Affected Versions** Open5GS version 2.7.6 **Description** A security flaw exists in Open5GS 2.7.6, specifically within the CCA Message Handler component and the `smf gx cca cb`/`smf gy cca cb`/`smf s6b` function. This manipulation can lead to a denial of service. The attack can be initiated remotely and is considered highly complex with difficult exploitability. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions up to 2.7.6 **Description** A flaw exists in Open5GS that can lead to a denial of service. The issue is located within the `smf gx cca cb/smf gy cca cb/smf s6b aaa cb/smf s6b sta cb` function of the CCA Handler component. This manipulation can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Upgrade to version 2.7.7 to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Free5GC versions up to 4.1.0 **Description** A flaw exists in Free5GC up to version 4.1.0 related to the PFCP UDP Endpoint component. This issue can lead to a denial of service. The attack can be initiated remotely and the exploit details have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.