CVE-2023-4883

Summary

Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.

Affected Software

VendorProductVersion RangeStatus
Open5GSOpen5GS2.4.10 and prioraffected

Weaknesses

  • CWE-763: CWE-763 Release of Invalid Pointer or Reference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References