87 matches found
CVE-2025-65567
Summary : Multiple sources confirm a denial-of-service in the omec-project UPF pfcpiface (version upf-epc-pfcpiface:2.1.3-dev). After PFCP association, a crafted PFCP Session Establishment Request with a malformed Flow-Description targets the Flow-Description parser (parseFlowDesc), which can rea...
CVE-2025-65565
CVE-2025-65565 affects the omec-project UPF pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request missing the mandatory F-SEID Information Element can cause the session establishment handler to call IE.FSEID() on a nil pointer, triggering a panic and terminating the UP...
CVE-2025-65564
The CVE-2025-65564 issue affects omec-upf (upf-epc-pfcpiface) 2.1.3-dev. The PFCP Association Setup Request, if missing the mandatory Recovery Time Stamp Information Element, triggers a nil-pointer dereference in the association setup handler and causes a panic, terminating the UPF process and po...
CVE-2025-65565
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...
PT-2025-52291
Name of the Vulnerable Software and Affected Versions omec-project UPF versions upf-epc-pfcpiface:2.1.3-dev Description A denial-of-service issue exists in the omec-project UPF pfcpiface component. Specifically, a PFCP Session Establishment Request containing a CreateFAR with an invalid IPv4...
PT-2025-52288
Name of the Vulnerable Software and Affected Versions omec-upf versions 2.1.3-dev Description A denial-of-service issue exists in omec-upf. Specifically, when the UPF receives a PFCP Association Setup Request lacking the mandatory Recovery Time Stamp Information Element, the association setup...
CVE-2025-65563
A denial-of-service vulnerability exists in the omec-project UPF component upf-epc/pfcpiface up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler...
CVE-2025-65559
An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request type=50, the UPF crashes with a reachable assertion in lib/pfcp/context.c ogspfcpobjectteidhashset if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags IPv4/IPv6 do not...
CVE-2025-65562
The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID e.g., 0xFFFFFFFFFFFFFFFF that causes an integer conversion/underflow in LocalNode.DeleteSess /...
PT-2025-52286
Name of the Vulnerable Software and Affected Versions free5GC UPF versions prior to 4.1.0 Description The free5GC UPF is susceptible to a denial of service due to insufficient bounds checking on the Session ID SEID when handling PFCP Session Deletion Requests. An unauthenticated remote attacker c...
CVE-2025-65568
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...
CVE-2025-65568
The CVE-2025-65568 issue affects the omec-project UPF pfcpiface (upf-epc-pfcpiface:2.1.3-dev). During a PFCP Session Establishment Request, a CreateFAR with an empty or truncated IPv4 address triggers an out-of-bounds read in parseFAR() via ip2int(), causing an index-out-of-range panic and a deni...
EUVD-2021-32228
Malicious code in bioql PyPI...
EUVD-2025-12214
Malicious code in bioql PyPI...
EUVD-2022-41609
Malicious code in bioql PyPI...
EUVD-2023-51464
Malicious code in bioql PyPI...
CVE-2023-47346
Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages...
CVE-2021-45462
In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF...
CVE-2025-29339
An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...
CVE-2025-29339
An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...