CVE-2023-37008

{"id": "CVE-2023-37008", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}]}, "published": "2025-01-22T15:15:10.373", "references": [{"url": "https://cellularsecurity.org/ransacked", "tags": ["Third Party Advisory", "Exploit", "Technical Description"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances."}, {"lang": "es", "value": "Las versiones de Open5GS MME anteriores a la 2.6.4 contienen un desbordamiento de b\u00fafer en la funci\u00f3n de deserializaci\u00f3n ASN.1 del controlador S1AP. Este desbordamiento de b\u00fafer provoca confusi\u00f3n de tipos en los campos decodificados, lo que genera un an\u00e1lisis no v\u00e1lido y la liberaci\u00f3n de memoria. Un atacante puede utilizar esto para bloquear un MME o potencialmente ejecutar c\u00f3digo en determinadas circunstancias."}], "lastModified": "2025-04-22T17:14:06.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4887F15-E22E-44D0-8B7A-82ED1AB274A8", "versionEndIncluding": "2.6.4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}