CVE-2023-4882

Summary

DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.

Affected Software

VendorProductVersion RangeStatus
Open5GSOpen5GS2.4.10 and prioraffected

Weaknesses

  • CWE-404: CWE-404 Improper Resource Shutdown or Release

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References