2 matches found
CVE-2022-39063
Open5GS UPF contains a vulnerability (CVE-2022-39063) in PFCP Session Establishment handling: on receiving a request, it copies data into f_teid without validating the maximum length, so if pdi.local_f_teid.len exceeds the bound, memcpy overwrites fields (e.g., f_teid_len) after f_teid, and the o...
CVE-2022-39063
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the fteidlen from incoming message, and then uses it to copy data from incoming message to struct fteid without...