CWE-358
AllowedImproperly Implemented Security Check for Standard
Abstraction: Base · Status: Draft
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
197 vulnerabilities reference this CWE, most recent first.
GHSA-QVGM-857Q-3736
Vulnerability from github – Published: 2025-09-16 00:30 – Updated: 2025-11-03 21:34A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot.
{
"affected": [],
"aliases": [
"CVE-2025-43262"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T23:15:31Z",
"severity": "MODERATE"
},
"details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot.",
"id": "GHSA-qvgm-857q-3736",
"modified": "2025-11-03T21:34:28Z",
"published": "2025-09-16T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43262"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125110"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Sep/53"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RG42-F9WW-X3W7
Vulnerability from github – Published: 2024-06-20 00:30 – Updated: 2024-06-21 15:31Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-6101"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T00:15:09Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-rg42-f9ww-x3w7",
"modified": "2024-06-21T15:31:05Z",
"published": "2024-06-20T00:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6101"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/343748812"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHH9-QF7P-WFGF
Vulnerability from github – Published: 2025-12-30 03:30 – Updated: 2025-12-31 18:30Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
{
"affected": [],
"aliases": [
"CVE-2025-69234"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-30T02:16:16Z",
"severity": "CRITICAL"
},
"details": "Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.",
"id": "GHSA-rhh9-qf7p-wfgf",
"modified": "2025-12-31T18:30:23Z",
"published": "2025-12-30T03:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69234"
},
{
"type": "WEB",
"url": "https://cve.naver.com/detail/cve-2025-69234.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RMC9-985C-H9WG
Vulnerability from github – Published: 2026-05-06 15:32 – Updated: 2026-05-06 15:32HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-31983"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T15:16:07Z",
"severity": "LOW"
},
"details": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.",
"id": "GHSA-rmc9-985c-h9wg",
"modified": "2026-05-06T15:32:41Z",
"published": "2026-05-06T15:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31983"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-V2Q7-X3PW-JC98
Vulnerability from github – Published: 2022-03-09 00:00 – Updated: 2025-08-12 12:30A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.
{
"affected": [],
"aliases": [
"CVE-2021-42017"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-08T12:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions \u003c V5.6.0), RUGGEDCOM ROS RMC8388 devices (All versions \u003c V5.6.0), RUGGEDCOM ROS RS416v2 (All versions \u003c V5.6.0), RUGGEDCOM ROS RS900G (All versions \u003c V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100P (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2288 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2300 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2300P V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG2488 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG900 V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSG920P V5.X (All versions \u003c V5.6.0), RUGGEDCOM ROS RSL910 (All versions \u003c V5.6.0), RUGGEDCOM ROS RST2228 (All versions \u003c V5.6.0), RUGGEDCOM ROS RST916C (All versions \u003c V5.6.0), RUGGEDCOM ROS RST916P (All versions \u003c V5.6.0). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.",
"id": "GHSA-v2q7-x3pw-jc98",
"modified": "2025-08-12T12:30:31Z",
"published": "2022-03-09T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42017"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VC3V-PPC7-V486
Vulnerability from github – Published: 2023-11-14 22:21 – Updated: 2024-11-22 20:43Impact
A node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to set a fake parent_id and send a task of a non-whitelisted algorithm. The node will then execute it because the parent_id that is set prevents checks from being run. Relevant node code here
This impacts all servers that are breached by an expert user
Patches
Fixed in v4.1.2
Workarounds
None
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vantage6-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "vantage6-node"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-47631"
],
"database_specific": {
"cwe_ids": [
"CWE-345",
"CWE-358"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-14T22:21:57Z",
"nvd_published_at": "2023-11-14T21:15:13Z",
"severity": "HIGH"
},
"details": "### Impact\nA node does not check if an image is allowed to run if a `parent_id` is set. A malicious party that breaches the server may modify it to set a fake `parent_id` and send a task of a non-whitelisted algorithm. The node will then execute it because the `parent_id` that is set prevents checks from being run. Relevant node code [here](https://github.com/vantage6/vantage6/blob/version/4.1.1/vantage6-node/vantage6/node/docker/docker_manager.py#L265-L268)\n\nThis impacts all servers that are breached by an expert user\n\n### Patches\nFixed in v4.1.2\n\n### Workarounds\nNone\n\n",
"id": "GHSA-vc3v-ppc7-v486",
"modified": "2024-11-22T20:43:06Z",
"published": "2023-11-14T22:21:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-vc3v-ppc7-v486"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47631"
},
{
"type": "WEB",
"url": "https://github.com/vantage6/vantage6/commit/bf83521eb12fa80aa5fc92ef1692010a9a7f8243"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vantage6-node/PYSEC-2023-303.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vantage6-server/PYSEC-2023-304.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vantage6/vantage6"
},
{
"type": "WEB",
"url": "https://github.com/vantage6/vantage6/blob/version/4.1.1/vantage6-node/vantage6/node/docker/docker_manager.py#L265-L268"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vantage6-server node accepts non-whitelisted algorithms from malicious server"
}
GHSA-VGJ9-5C97-PWX2
Vulnerability from github – Published: 2024-03-06 21:31 – Updated: 2024-08-28 18:31Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-2174"
],
"database_specific": {
"cwe_ids": [
"CWE-358",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-06T19:15:09Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-vgj9-5c97-pwx2",
"modified": "2024-08-28T18:31:53Z",
"published": "2024-03-06T21:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2174"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/325866363"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM4M-9P6F-GCG7
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
{
"affected": [],
"aliases": [
"CVE-2026-49783"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:16:53Z",
"severity": "HIGH"
},
"details": "Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.",
"id": "GHSA-vm4m-9p6f-gcg7",
"modified": "2026-07-14T18:32:01Z",
"published": "2026-07-14T18:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49783"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49783"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRRX-58H3-PRMH
Vulnerability from github – Published: 2026-05-07 01:56 – Updated: 2026-06-08 23:46Summary
The AMF in Free5GC v4.2.1 does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE.
Details
Vulnerability Type: CWE-358 (Improperly Implemented Security Check for Standard)
Affected File: internal/ngap/handler.go — handleHandoverRequiredMain() and internal/gmm/sm.go — SecurityMode()
Root Cause:
3GPP TS 33.501 §6.9.5.1 states:
"Concurrent runs of security procedures may, in certain situations, lead to mismatches between security contexts in the network and the UE. In order to avoid such mismatches, the following rules shall be adhered to: 1. AMF shall not initiate any of the N2 procedures including a new key towards a UE if a NAS Security Mode Command procedure is ongoing with the UE. 2. The AMF shall not initiate a NAS Security Mode Command towards a UE if one of the N2 procedures including a new key is ongoing with the UE."
Free5GC AMF uses an OnGoing state tracking mechanism (SetOnGoing(), GetOnGoing()) with OnGoingProcedureN2Handover type. However, the cross-procedure checks required by §6.9.5.1 are not implemented:
Rule 2 violation:
SecurityMode() in internal/gmm/sm.go sends SMC on EntryEvent without checking if N2 handover is ongoing.
Rule 1 violation:
handleHandoverRequiredMain() in internal/ngap/handler.go calls SetOnGoing(OnGoingProcedureN2Handover) without checking if SMC is ongoing.
Why NH/NCC and SMC are related:
SMC activates a new KAMF, which changes the basis for NH key derivation. The N2 HandoverRequest includes NH/NCC derived from the old KAMF. If both procedures run concurrently, the target gNB and UE derive different KgNB keys, breaking AS security.
PoC
Source code evidence:
Free5GC AMF internal/gmm/sm.go — SecurityMode():
func SecurityMode(state *fsm.State, event fsm.EventType, args fsm.ArgsType) {
switch event {
case fsm.EntryEvent:
// No check for OnGoing N2 procedure
// Directly proceeds to SMC
Free5GC AMF internal/ngap/handler.go — handleHandoverRequiredMain():
amfUe.SetOnGoing(sourceUe.Ran.AnType, &context.OnGoing{
Procedure: context.OnGoingProcedureN2Handover,
})
// No check for ongoing SMC before setting N2
Packet Evidence (pcap available):
| Packet | Time | Message | Description |
|---|---|---|---|
| #1 | 0.000s | HandoverRequired | gNB_A requests handover |
| #18 | 0.002s | HandoverRequest | N2 started (NH/NCC included) |
| (no response from gNB_B) | N2 ongoing | ||
| #28 | 2.062s | Registration request | UE re-registers (same SUPI) |
| #63 | 2.069s | Authentication request | |
| #64 | 2.070s | Authentication response | |
| #71 | 2.072s | Security mode command | SMC during N2 ongoing = Rule 2 violation |
| NGAPHandover-N2-SMC-Concurrent.zip |
Impact
Integrity (MEDIUM): Concurrent NAS and AS security procedures can cause security context mismatches between UE, AMF, and gNB. The SMC activates a new KAMF while the N2 HandoverRequest carries NH/NCC derived from the old KAMF, resulting in KgNB derivation mismatch.
Availability (LOW): Security context mismatch may cause handover failure or security verification failures.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/free5gc/amf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42082"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T01:56:13Z",
"nvd_published_at": "2026-05-27T17:16:35Z",
"severity": "LOW"
},
"details": "### Summary\n\nThe AMF in Free5GC v4.2.1 does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 \u00a76.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE.\n\n### Details\n\n**Vulnerability Type:** CWE-358 (Improperly Implemented Security Check for Standard)\n\n**Affected File:** `internal/ngap/handler.go` \u2014 `handleHandoverRequiredMain()` and `internal/gmm/sm.go` \u2014 `SecurityMode()`\n\n**Root Cause:**\n\n3GPP TS 33.501 \u00a76.9.5.1 states:\n\n\u003e \"Concurrent runs of security procedures may, in certain situations, lead to mismatches between security contexts in the network and the UE. In order to avoid such mismatches, the following rules shall be adhered to:\n\u003e 1. AMF shall not initiate any of the N2 procedures including a new key towards a UE if a NAS Security Mode Command procedure is ongoing with the UE.\n\u003e 2. The AMF shall not initiate a NAS Security Mode Command towards a UE if one of the N2 procedures including a new key is ongoing with the UE.\"\n\nFree5GC AMF uses an `OnGoing` state tracking mechanism (`SetOnGoing()`, `GetOnGoing()`) with `OnGoingProcedureN2Handover` type. However, the cross-procedure checks required by \u00a76.9.5.1 are not implemented:\n\n**Rule 2 violation:**\n`SecurityMode()` in `internal/gmm/sm.go` sends SMC on `EntryEvent` without checking if N2 handover is ongoing.\n\n**Rule 1 violation:**\n`handleHandoverRequiredMain()` in `internal/ngap/handler.go` calls `SetOnGoing(OnGoingProcedureN2Handover)` without checking if SMC is ongoing.\n\n**Why NH/NCC and SMC are related:**\n\nSMC activates a new KAMF, which changes the basis for NH key derivation. The N2 HandoverRequest includes NH/NCC derived from the old KAMF. If both procedures run concurrently, the target gNB and UE derive different KgNB keys, breaking AS security.\n\n### PoC\n\n**Source code evidence:**\n\nFree5GC AMF `internal/gmm/sm.go` \u2014 `SecurityMode()`:\n```go\nfunc SecurityMode(state *fsm.State, event fsm.EventType, args fsm.ArgsType) {\n switch event {\n case fsm.EntryEvent:\n // No check for OnGoing N2 procedure\n // Directly proceeds to SMC\n```\n\nFree5GC AMF `internal/ngap/handler.go` \u2014 `handleHandoverRequiredMain()`:\n```go\namfUe.SetOnGoing(sourceUe.Ran.AnType, \u0026context.OnGoing{\n Procedure: context.OnGoingProcedureN2Handover,\n})\n// No check for ongoing SMC before setting N2\n```\n\n**Packet Evidence (pcap available):**\n\n| Packet | Time | Message | Description |\n|--------|------|---------|-------------|\n| #1 | 0.000s | HandoverRequired | gNB_A requests handover |\n| #18 | 0.002s | **HandoverRequest** | **N2 started (NH/NCC included)** |\n| | | *(no response from gNB_B)* | **N2 ongoing** |\n| #28 | 2.062s | Registration request | UE re-registers (same SUPI) |\n| #63 | 2.069s | Authentication request | |\n| #64 | 2.070s | Authentication response | |\n| #71 | 2.072s | **Security mode command** | **SMC during N2 ongoing = Rule 2 violation** |\n[NGAPHandover-N2-SMC-Concurrent.zip](https://github.com/user-attachments/files/26735421/NGAPHandover-N2-SMC-Concurrent.zip)\n\n\n### Impact\n\n**Integrity (MEDIUM):** Concurrent NAS and AS security procedures can cause security context mismatches between UE, AMF, and gNB. The SMC activates a new KAMF while the N2 HandoverRequest carries NH/NCC derived from the old KAMF, resulting in KgNB derivation mismatch.\n\n**Availability (LOW):** Security context mismatch may cause handover failure or security verification failures.",
"id": "GHSA-vrrx-58h3-prmh",
"modified": "2026-06-08T23:46:41Z",
"published": "2026-05-07T01:56:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42082"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/amf/blame/v1.4.3/internal/gmm/sm.go"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/amf/blame/v1.4.3/internal/ngap/handler.go"
},
{
"type": "PACKAGE",
"url": "https://github.com/free5gc/free5gc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Free5GC AMF has Missing Concurrent NAS SMC Validation During NGAP Handover "
}
GHSA-VVF4-C8P4-89V5
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2025-12-03 03:31A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
{
"affected": [],
"aliases": [
"CVE-2021-3448"
],
"database_specific": {
"cwe_ids": [
"CWE-358"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-08T23:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.",
"id": "GHSA-vvf4-c8p4-89v5",
"modified": "2025-12-03T03:31:20Z",
"published": "2022-05-24T17:47:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3448"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939368"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVTJUOFFFHINLKWAOC2ZSC5MOPD4SJ24"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHG7GWSQWKF7JXIMLOGJBKZWBB4VIAJ7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GHURNEHHUBSW45KMIZ4FNBCSUPWPGV5V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVTJUOFFFHINLKWAOC2ZSC5MOPD4SJ24"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHG7GWSQWKF7JXIMLOGJBKZWBB4VIAJ7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHURNEHHUBSW45KMIZ4FNBCSUPWPGV5V"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-20"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.