CRITICAL🇵🇱 Wersja polska

CVE-2024-40130

CVSS 9.8v3.1pub. 2024-07-16upd. 2024-11-21

open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.

🤖 AI Analysis
How it works

The vulnerability consists of a buffer overflow (out-of-bounds write, CWE-787, CWE-120) in the Open5GS core library module — specifically in the abts.c file. An attacker can provide specially crafted input data that exceeds the boundaries of an allocated buffer in memory. The attack is possible remotely, without authentication and without user interaction, which significantly increases its criticality.

Impact

Successful exploitation of this vulnerability may enable an attacker to execute arbitrary code remotely (RCE), take control of the system, and compromise the confidentiality, integrity, and availability of the entire 5G/LTE network node.

Mitigation & patch

A patch available in the project repository should be applied — commit 2f8ae91b0b9467f94f128090c88cae91bd73e008 available on GitHub open5gs/open5gs. It is recommended to update to a version containing the indicated patch in accordance with manufacturer references.

Who is affected

Open5GS version 2.6.4

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Open5gs

    APP
    Open5Gs
    2.6.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-40129CRITICAL9.8PL ✓ten sam produkt

Buffer Overflow w Open5GS v2.6.4 — podatność krytyczna w module PFCP

CVE-2021-28122CRITICAL9.8ten sam produkt

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component all...

CVE-2025-65559HIGH7.5ten sam produkt

An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (ty...

CVE-2025-63288HIGH7.5ten sam produkt

In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of servic...

CVE-2025-41067HIGH8.7ten sam produkt

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF...