A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service.
The attack must be carried out locally. The exploit is publicly available and might be used. The name of the patch is 465273d13ba5d47b274c38c9d1b07f04859178a1.
A patch should be applied to remediate this issue.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
Low
Partial disruption
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Open5gs Open5gs
cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
|
— |
<= 2.7.6
|
References 7
https://github.com/open5gs/open5gs/commit/465273d13ba5d47b274c38c9d1b07f0485917…
cna@vuldb.com
https://github.com/open5gs/open5gs/issues/4203
cna@vuldb.com
https://github.com/open5gs/open5gs/issues/4203#issue-3719257558
cna@vuldb.com
https://github.com/open5gs/open5gs/issues/4203#issuecomment-3681643498
cna@vuldb.com
https://vuldb.com/?ctiid.339339
cna@vuldb.com
https://vuldb.com/?id.339339
cna@vuldb.com
https://vuldb.com/?submit.727616
cna@vuldb.com