427 matches found
CVE-2026-2517 Open5GS SMF types.c ogs_gtp2_parse_tft denial of service
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parsetft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be carri...
CVE-2026-2517
Open5GS vulnerable up to version 2.7.6 due to a flaw in the SMF component. The issue is in ogs_gtp2_parse_tft (library lib/gtp/v2/types.c) where manipulating pf[0].content.length can cause a denial of service. Exploitation can be performed remotely, and public proof-of-concept code exists. The vu...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter pf0.content.length in the SM...
PT-2026-8238
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs gtp2 parse tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be...
CVE-2025-70123
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a...
CVE-2026-1974
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and...
CVE-2026-1973
A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. I...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the SessionDeletionResponse function of the SMF component. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference remotely. Remediation Upgrad...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the SessionDeletionResponse function of the SMF component. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference remotely. Remediation Upgrad...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the identityTriggerType function in the pfcpreports.go file. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference. Remediation Upgrade...
CVE-2026-1976
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...
CVE-2026-1976 Free5GC SMF SessionDeletionResponse null pointer dereference
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...
CVE-2026-1976 Free5GC SMF SessionDeletionResponse null pointer dereference
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...
CVE-2026-1976
CVE-2026-1976 affects Free5GC up to version 4.1.0, specifically the SMF component’s function SessionDeletionResponse. The vulnerability is a null pointer dereference caused by the manipulation, with remote exploitation possible. Public exploits are available, and a patch is recommended to address...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the establishPfcpSession function. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference in the SMF component. Remediation Upgrade...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the ResolveNodeIdToIp function in the SMF component. An attacker can cause a service disruption by sending specially crafted requests remotely. Remediation Upgrade...
CVE-2026-1974 Free5GC SMF datapath.go ResolveNodeIdToIp denial of service
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and...
CVE-2026-1974 Free5GC SMF datapath.go ResolveNodeIdToIp denial of service
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and...
PT-2026-6666
Name of the Vulnerable Software and Affected Versions Free5GC versions prior to 4.1.1 Description A flaw exists in Free5GC’s SMF component, specifically within the ResolveNodeIdToIp function located in the internal/sbi/processor/datapath.go file. This issue can lead to a denial of service. Remote...
free5GC 代码问题漏洞
Free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of Free5GC prior to 4.1.0 contain code vulnerabilities. These vulnerabilities stem from a flaw in the SessionDeletionResponse function within the SMF component, which may lead to null pointer dereferencing...