Lucene search
K

121 matches found

Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.11 views

PT-2025-53668

Name of the Vulnerable Software and Affected Versions omec-project UPF versions up to 2.1.3-dev Description A flaw exists in omec-project UPF that may allow for remote exploitation. The issue resides in the handleSessionEstablishmentRequest function within the /pfcpiface/pfcpiface/messages...

5.3CVSS6.2AI score0.00271EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/12/28 12:0 a.m.4 views

UPF 代码问题漏洞

UPF is an open source user interface from the Aether SD-Core Project. A code issue vulnerability exists in UPF 2.1.3-dev and earlier versions, which originates in the PFCP Session Establishment Request Handler component function in file /pfcpiface/pfcpiface/messagessession.go. A null pointer...

5.3CVSS4.9AI score0.00271EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/19 12:41 a.m.13 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

7.5CVSS7AI score0.00347EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/19 12:41 a.m.6 views

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

7.5CVSS6.8AI score0.00347EPSS
Exploits1References1
Snyk
Snyk
added 2025/12/18 7:46 p.m.2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the session establishment handler process. An attacker can cause the process to panic and terminate by sending a PFCP Session Establishment Request that omits the mandatory F-SEID CPF-SEID Information Element...

8.7CVSS5.6AI score0.00347EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/18 7:46 p.m.2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the session establishment handler process. An attacker can cause the process to panic and terminate by sending a PFCP Session Establishment Request that omits the mandatory F-SEID CPF-SEID Information Element...

8.7CVSS5.6AI score0.00347EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/18 7:45 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the parseFAR function when processing a PFCP Session Establishment Request containing a CreateFAR with an empty or truncated IPv4 address field. An attacker can cause the service to crash and disrupt user-plane...

8.8CVSS5.8AI score0.00347EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/18 7:45 p.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...

7.5CVSS5.6AI score0.00347EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/18 7:45 p.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...

7.5CVSS5.6AI score0.00347EPSS
Exploits1References2
OSV
OSV
added 2025/12/18 7:16 p.m.2 views

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

7.5CVSS5.8AI score0.00347EPSS
Exploits1References1
OSV
OSV
added 2025/12/18 7:16 p.m.7 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

7.5CVSS6AI score0.00347EPSS
Exploits1References3
NVD
NVD
added 2025/12/18 7:16 p.m.5 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

7.5CVSS0.00347EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52283

Name of the Vulnerable Software and Affected Versions Open5GS version 2.7.5-49-g465e90f Description A flaw exists in Open5GS where a malformed PFCP Session Establishment Request can cause the UPF to crash. Specifically, when processing a request type=50 and the CreatePDR?PDI?F-TEID has CH=1, a...

7.5CVSS6.5AI score0.00359EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.11 views

PT-2025-52289

Name of the Vulnerable Software and Affected Versions omec-project UPF version 2.1.3-dev Description A denial-of-service issue exists in the omec-project UPF pfcpiface component. Specifically, when a PFCP Session Establishment Request is sent to the UPF’s N4/PFCP endpoint without the mandatory...

7.5CVSS6.5AI score0.00347EPSS
Exploits1References4
CVE
CVE
added 2025/12/18 12:0 a.m.20 views

CVE-2025-65568

The CVE-2025-65568 issue affects the omec-project UPF pfcpiface (upf-epc-pfcpiface:2.1.3-dev). During a PFCP Session Establishment Request, a CreateFAR with an empty or truncated IPv4 address triggers an out-of-bounds read in parseFAR() via ip2int(), causing an index-out-of-range panic and a deni...

7.5CVSS6.7AI score0.00347EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

UPF 安全漏洞

UPF is an open source user interface from the Aether SD-Core Project. A security vulnerability exists in UPF that originates from an out-of-bounds read while processing a PFCP session establishment request containing an empty or truncated IPv4 address field, which could result in a denial of...

7.5CVSS6.5AI score0.00347EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.3 views

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

6.4AI score0.00347EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.3 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

6.7AI score0.00347EPSS
Exploits1References1
CVE
CVE
added 2025/12/18 12:0 a.m.17 views

CVE-2025-65565

CVE-2025-65565 affects the omec-project UPF pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request missing the mandatory F-SEID Information Element can cause the session establishment handler to call IE.FSEID() on a nil pointer, triggering a panic and terminating the UP...

7.5CVSS6.4AI score0.00347EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52290

Name of the Vulnerable Software and Affected Versions omec-project UPF versions up to 2.1.3-dev Description A flaw exists in the omec-project UPF pfcpiface component that can lead to a denial-of-service condition. Specifically, a crafted PFCP Session Establishment Request, containing a malformed...

7.5CVSS6.3AI score0.00347EPSS
Exploits1References4
Rows per page
Query Builder