CVE-2024-37877

Name of the Vulnerable Software and Affected Versions UERANSIM versions prior to 3.2.6

Description The issue allows for an out-of-bounds read when a RLS packet is sent to gNodeB with a malformed PDU length. This occurs in the readOctetString function in src/utils/octet view.cpp and the DecodeRlsMessage function in src/lib/rls/rls pdu.cpp.

Recommendations For versions prior to 3.2.6, update to version 3.2.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the readOctetString and DecodeRlsMessage functions until a patch is available.