CVE-2023-37024

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Magma versions <= 1.8.0

Description A reachable assertion in the Mobile Management Entity (MME) of Magma allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an Emergency Number List Information Element.

Recommendations For Magma versions <= 1.8.0, update to version 1.9 or later, which includes the fix for this issue, as committed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486.

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

CVE-2023-37024

Affected Products

Magma

CVE-2023-37024

Weakness Enumeration

Related Identifiers

Affected Products

References · 4