7.5 CVE-2023-4883


Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.


CWE-763 : Release of Invalid Pointer or Reference
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly. Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues. Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free(). When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory. Use a language that provides abstractions for memory allocation and deallocation. Use a tool that dynamically detects memory management problems, such as valgrind. function "internally calls 'calloc' and returns a pointer at an index... inside the allocated buffer. This led to freeing invalid memory."




cpe start end
Configuration 1
cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:* <= 2.4.10




id description date
No known exploits

Other (github, ...)

No known exploits


Common Attack Pattern Enumerations and Classifications

id description severity
No entry