CVE-2023-37008

Jan. 28, 2025, 10:15 p.m.

5.3
Medium

Description

Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances.

Product(s) Impacted

Product Versions
Open5GS MME
  • ['<= 2.6.4']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-617
Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

https://cellularsecurity.org/ransacked

Tags

cve@mitre.org
CWE-617
2025-01-22
CVE-2023-37008

CVSS Score

5.3 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    View Vector String

Timeline

Published: Jan. 22, 2025, 3:15 p.m.
Last Modified: Jan. 28, 2025, 10:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.