Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSNPSCVELIST:CVE-2022-39063
HistorySep 16, 2022 - 6:02 p.m.

CVE-2022-39063

2022-09-1618:02:12
CWE-676
SNPS
www.cve.org
3
open5gs
upf
pfcp
session establishment
vulnerability
memcpy
segmentation fault

EPSS

0.001

Percentile

35.7%

JSON

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without checking the maximum length. If the pdi.local_f_teid.len exceeds the maximum length of the struct of f_teid, the memcpy() overwrites the fields (e.g., f_teid_len) after f_teid in the pdr struct. After parsing the request, the UPF starts to build a response. The f_teid_len with its overwritten value is used as a length for memcpy(). A segmentation fault occurs, as a result of a memcpy(), if this overwritten value is large enough.

CNA Affected

[
  {
    "product": "Open5GS",
    "vendor": "Open5GS",
    "versions": [
      {
        "status": "affected",
        "version": "<2.4.9"
      }
    ]
  }
]

Related

osv 1
cve 1
nvd 1
prion 1
osv
osv
CVE-2022-39063
2022-09-16 19:15:10
cve
cve
CVE-2022-39063
2022-09-16 19:15:10
nvd
nvd
CVE-2022-39063
2022-09-16 19:15:10
prion
prion
Server side request forgery (ssrf)
2022-09-16 19:15:00

EPSS

0.001

Percentile

35.7%

JSON
Related for CVELIST:CVE-2022-39063
osv1cve1nvd1prion1