Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open5Gs 安全漏洞
Vulnerability Description
Open5Gs是一个 5G Core 和 Epc 的 C 语言开源实现,即 Lte/Nr 网络的核心网络。 Open5GS 1.0.0 到 2.3.3 中存在安全漏洞,该漏洞源于 ogs_fqdn_parse 不恰当地信任客户端提供的长度值,导致缓冲区溢出。
CVSS Information
N/A
Vulnerability Type
N/A