Lucene search
K

87 matches found

CVE
CVE
added 2025/12/18 12:0 a.m.16 views

CVE-2025-65567

Summary : Multiple sources confirm a denial-of-service in the omec-project UPF pfcpiface (version upf-epc-pfcpiface:2.1.3-dev). After PFCP association, a crafted PFCP Session Establishment Request with a malformed Flow-Description targets the Flow-Description parser (parseFlowDesc), which can rea...

7.5CVSS6.6AI score0.00347EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/12/18 12:0 a.m.16 views

CVE-2025-65565

CVE-2025-65565 affects the omec-project UPF pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request missing the mandatory F-SEID Information Element can cause the session establishment handler to call IE.FSEID() on a nil pointer, triggering a panic and terminating the UP...

7.5CVSS6.4AI score0.00347EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/12/18 12:0 a.m.13 views

CVE-2025-65564

The CVE-2025-65564 issue affects omec-upf (upf-epc-pfcpiface) 2.1.3-dev. The PFCP Association Setup Request, if missing the mandatory Recovery Time Stamp Information Element, triggers a nil-pointer dereference in the association setup handler and causes a panic, terminating the UPF process and po...

7.5CVSS6.4AI score0.0036EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/12/18 12:0 a.m.18 views

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

0.00347EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52291

Name of the Vulnerable Software and Affected Versions omec-project UPF versions upf-epc-pfcpiface:2.1.3-dev Description A denial-of-service issue exists in the omec-project UPF pfcpiface component. Specifically, a PFCP Session Establishment Request containing a CreateFAR with an invalid IPv4...

7.5CVSS6.5AI score0.00347EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52288

Name of the Vulnerable Software and Affected Versions omec-upf versions 2.1.3-dev Description A denial-of-service issue exists in omec-upf. Specifically, when the UPF receives a PFCP Association Setup Request lacking the mandatory Recovery Time Stamp Information Element, the association setup...

7.5CVSS6.5AI score0.0036EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.4 views

CVE-2025-65563

A denial-of-service vulnerability exists in the omec-project UPF component upf-epc/pfcpiface up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler...

6.4AI score0.00369EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.2 views

CVE-2025-65559

An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request type=50, the UPF crashes with a reachable assertion in lib/pfcp/context.c ogspfcpobjectteidhashset if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags IPv4/IPv6 do not...

6.6AI score0.00359EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.3 views

CVE-2025-65562

The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID e.g., 0xFFFFFFFFFFFFFFFF that causes an integer conversion/underflow in LocalNode.DeleteSess /...

6.8AI score0.0049EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52286

Name of the Vulnerable Software and Affected Versions free5GC UPF versions prior to 4.1.0 Description The free5GC UPF is susceptible to a denial of service due to insufficient bounds checking on the Session ID SEID when handling PFCP Session Deletion Requests. An unauthenticated remote attacker c...

7.5CVSS6.8AI score0.0049EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.3 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

6.7AI score0.00347EPSS
Exploits1References1
CVE
CVE
added 2025/12/18 12:0 a.m.20 views

CVE-2025-65568

The CVE-2025-65568 issue affects the omec-project UPF pfcpiface (upf-epc-pfcpiface:2.1.3-dev). During a PFCP Session Establishment Request, a CreateFAR with an empty or truncated IPv4 address triggers an out-of-bounds read in parseFAR() via ip2int(), causing an index-out-of-range panic and a deni...

7.5CVSS6.7AI score0.00347EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-32228

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.04405EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-12214

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00362EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-41609

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01079EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-51464

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00782EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.7 views

CVE-2023-47346

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages...

7.5CVSS6.7AI score0.00782EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:53 p.m.8 views

CVE-2021-45462

In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF...

7.5CVSS6.8AI score0.04405EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/26 6:16 a.m.5 views

CVE-2025-29339

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...

7.5CVSS6.9AI score0.00362EPSS
Exploits1References1
NVD
NVD
added 2025/04/22 5:16 p.m.11 views

CVE-2025-29339

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...

7.5CVSS0.00362EPSS
Exploits1References1
Rows per page
Query Builder