CVE-2023-49391

HIGH7.5EPSS 3.1%

free5GC AMF denial of service vulnerability

Published: 12/22/2023Modified: 9/12/2024

Description

An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message.

Affected packages (1)

Go/github.com/free5gc/amffrom 0, <= 1.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-49391
PATCHhttps://github.com/free5gc/amf
WEBhttps://github.com/free5gc/amf/commit/6fc612c35997cf4e8be1e5c86ae2242f04b576a9
WEBhttps://github.com/free5gc/free5gc/issues/497