PT-2024-20397 · Unknown · Oai-Cn5G-Amf
Published
2024-11-15
·
Updated
2024-11-18
·
CVE-2024-24447
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
oai-cn5g-amf versions up to v2.0.0
Description
A buffer overflow in the
ngap amf handle pdu session resource setup response function allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list.Recommendations
For oai-cn5g-amf versions up to v2.0.0, consider disabling the
ngap amf handle pdu session resource setup response function as a temporary workaround until a patch is available. Restrict access to the PDU Session Resource Setup Response to minimize the risk of exploitation.Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oai-Cn5G-Amf