PT-2022-21624 · Open5Gs · Open5Gs

Pablo Valle Alvear

Published

2022-09-26

Updated

2022-10-03

CVE-2022-3299

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Open5GS versions up to 2.4.10

Description A vulnerability was found in the library lib/sbi/client.c of the component AMF, affecting an unknown functionality. The manipulation leads to denial of service. The attack can be launched remotely.

Recommendations For Open5GS versions up to 2.4.10, it is recommended to apply a patch to fix this issue. The patch with the name 724fa568435dae45ef0c3a48b2aabde052afae88 should be applied. As a temporary workaround, consider restricting access to the vulnerable component AMF until a patch is available.

Exploit

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

CVE-2022-3299

Affected Products

Open5Gs

PT-2022-21624 · Open5Gs · Open5Gs

CVE-2022-3299

Weakness Enumeration

Related Identifiers

Affected Products

References · 7