Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop.

Synopsys researchers found vulnerabilities that enable authentication bypasses and remote code execution in the three apps, namely Lazy Mouse, Telepad, and PC Keyboard, but did not find a single method of exploitation that applies to all three.