How severe is CVE-2023-37013?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2023-37013?

This is classified as CWE-617, which is a common weakness in software security.

CVE-2023-37013

HIGH Year: 2023

CVSS v3 Score

7.3

High

Weakness Type

CWE-617

View all →

Vulnerability Description

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the `ogs_sctp_recvmsg` routine to reach an unexpected network state and crash, leading to denial of service.

CVE-2024-33601

HIGH

CVSS:7.3(High)

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due ...

CWE-6172024

CVE-2006-4095

HIGH

CVSS:7.5(High)

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

CWE-6172006

CVE-2006-5779

HIGH

CVSS:7.5(High)

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

CWE-6172006

CVE-2006-6767

HIGH

CVSS:7.5(High)

oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.

CWE-6172006