pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its...
7.5CVSS
7.4AI Score
0.001EPSS
An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP...
7.5CVSS
7.9AI Score
0.001EPSS
In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in...
5.5CVSS
5.4AI Score
0.001EPSS
An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose...
5.5CVSS
5.2AI Score
0.0004EPSS
Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP...
7.5CVSS
7.3AI Score
0.0005EPSS
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to...
7.5CVSS
7.3AI Score
0.0005EPSS
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow...
7.5CVSS
7.5AI Score
0.0005EPSS
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an.....
9.8CVSS
9.2AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.016EPSS