CVE-2023-37008

Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances.
References
Link Resource
https://cellularsecurity.org/ransacked - Third Party Advisory, Exploit, Technical Description
Configurations

Configuration 1

cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

History

22 Apr 2025, 17:14

Type Values Removed Values Added
CPE cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
First Time Open5gs
Open5gs open5gs
References () https://cellularsecurity.org/ransacked - () https://cellularsecurity.org/ransacked - Third Party Advisory, Exploit, Technical Description

28 Jan 2025, 22:15

Type Values Removed Values Added
Summary
  • (es) Open5GS MME versions prior to 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in the decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances.
CWE CWE-617
CVSS (removed) v2 : unknown, v3 : unknown
CVSS (added) v2 : unknown, v3 : 5.3

22 Jan 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-22 15:15

Updated : 2025-04-22 17:14


NVD link : CVE-2023-37008

Mitre link : CVE-2023-37008

CVE.ORG link : CVE-2023-37008


Products Affected

open5gs

  • open5gs
CWE
CWE-617

Reachable Assertion