Lucene search
K

174 matches found

OSV
OSV
added 2025/06/18 12:0 a.m.5 views

CVE-2025-44951

A missing length check in ogspfcpdevadd function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the session.dev field with a value with length greater than 32...

7.1CVSS6AI score0.00189EPSS
Exploits1References5
OSV
OSV
added 2025/06/18 12:0 a.m.4 views

CVE-2025-29646

An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and teid = 0 or teid = ogspfcppdrteidpool.size...

7.1CVSS6.3AI score0.0029EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.6 views

PT-2025-26182 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: open5gs versions 2.7.2 and earlier Description: The issue allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and teid = 0 or teid = ogs pfcp pdr teid...

7.1CVSS6.2AI score0.0029EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.7 views

CVE-2023-47346

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages...

7.5CVSS6.7AI score0.00782EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.10 views

CVE-2023-47345

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero...

7.5CVSS6.7AI score0.00851EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:3 a.m.5 views

CVE-2022-43222

open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted PFCP packet...

7.5CVSS7AI score0.00845EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.7 views

CVE-2022-43221

open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted PFCP packet...

7.5CVSS7AI score0.00845EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.3 views

CVE-2022-39063

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the fteidlen from incoming message, and then uses it to copy data from incoming message to struct fteid without...

7.5CVSS6.9AI score0.01079EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:21 p.m.7 views

CVE-2021-41794

ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...

7.5CVSS7.1AI score0.01183EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/04/26 6:16 a.m.5 views

CVE-2025-29339

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...

7.5CVSS6.9AI score0.00362EPSS
Exploits1References1
NVD
NVD
added 2025/04/22 5:16 p.m.11 views

CVE-2025-29339

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...

7.5CVSS0.00362EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.4 views

PT-2025-17557 · Open5Gs · Open5Gs Upf

Name of the Vulnerable Software and Affected Versions: Open5GS UPF versions up to v2.7.2 Description: The issue results in an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type = 0, the UPF fails to handle the...

7.5CVSS6.4AI score0.00362EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/04/22 12:0 a.m.3 views

CVE-2025-29339

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...

7.5AI score0.00362EPSS
Exploits1References1
CVE
CVE
added 2025/04/22 12:0 a.m.56 views

CVE-2025-29339

Open5GS UPF (up to v2.7.2) is affected by CVE-2025-29339. An assertion failure occurs during PFCP Session Establishment Requests when PDN Type is 0, due to improper handling of an invalid value propagated from SMF (or via direct attack), leading to a fatal assertion and daemon crash. The vulnerab...

7.5CVSS7.1AI score0.00362EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/04/22 12:0 a.m.6 views

CVE-2025-29339

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...

0.00362EPSS
Exploits1References1
OSV
OSV
added 2025/04/22 12:0 a.m.4 views

CVE-2025-29339

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...

7.5CVSS7.1AI score0.00362EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/01/31 7:2 p.m.8 views

CVE-2025-21677

In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcpnewlink links the device to a list in devnetdev instead of net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on devnetdev...

5.5CVSS6.2AI score0.00172EPSS
Exploits0References4
OSV
OSV
added 2025/01/31 12:15 p.m.2 views

DEBIAN-CVE-2025-21677

In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcpnewlink links the device to a list in devnetdev instead of net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on devnetdev...

5.5CVSS5.5AI score0.00172EPSS
Exploits0References1
NVD
NVD
added 2025/01/31 12:15 p.m.13 views

CVE-2025-21677

In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcpnewlink links the device to a list in devnetdev instead of net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on devnetdev...

5.5CVSS0.00172EPSS
Exploits0References2
OSV
OSV
added 2025/01/31 12:15 p.m.2 views

UBUNTU-CVE-2025-21677

In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcpnewlink links the device to a list in devnetdev instead of net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on devnetdev...

5.5CVSS6.6AI score0.00172EPSS
Exploits0References7
Rows per page
Query Builder