12 matches found

Cvelist
added 2026/05/27 3:44 p.m. · 38 views

CVE-2026-44324 free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does n...

CVSS 6.5 · EPSS 0.00067
Exploits: 1 · References: 4

Github Security Blog
added 2026/05/08 10:52 p.m. · 9 views

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)

Summary: free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does not exist in UESubsCollection. The processor checks value, ok :=...

CVSS 6.5 · AI score 5.9 · EPSS 0.00067
Exploits: 1 · References: 5 · Affected Software: 1

Github Security Blog
added 2026/05/08 10:52 p.m. · 3 views

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary: free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

CVSS 6.5 · AI score 5.8 · EPSS 0.00053
Exploits: 1 · References: 5 · Affected Software: 1

Positive Technologies
added 2026/04/14 12:00 a.m. · 2 views

PT-2026-32973

Name of the Vulnerable Software and Affected Versions: free5GC versions 1.4.2 and earlier Description: An improper path validation issue exists in the UDR service. An unauthenticated attacker with access to the 5G Service Based Interface can delete arbitrary Traffic Influence Subscriptions by...

CVSS 8.7 · AI score 6.1 · EPSS 0.00034
Exploits: 1 · References: 5

ATTACKERKB
added 2022/09/08 5:00 a.m. · 2 views

CVE-2022-25897

The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...

CVSS 7.5 · AI score 7.1 · EPSS 0.00349
Exploits: 0 · References: 5

Positive Technologies
added 2022/08/24 12:00 a.m. · 2 views

PT-2022-4447 · Unknown · Node-Opcua

Name of the Vulnerable Software and Affected Versions: node-opcua versions prior to 2.74.0 Description: The issue is related to a Denial of Service (DoS) condition that can be triggered by bypassing limitations for excessive memory consumption. This can be achieved by sending multiple CloseSession...

CVSS 7.8 · AI score 7.4 · EPSS 0.00587
Exploits: 0 · References: 10

CNNVD
added 2022/08/24 12:00 a.m. · 2 views

node-opcua Resource Management Error Vulnerability

node-opcua is an open-source implementation of an OPC UA stack from the French company Sterfive SAS, written entirely in TypeScript for Node.js. A resource management error vulnerability exists in versions of node-opcua prior to 2.74.0. An attacker can exploit this vulnerability to bypass excessive memory consumptio...

CVSS 7.5 · AI score 5.7 · EPSS 0.00587
Exploits: 0 · References: 5

Snyk
added 2022/08/23 11:41 a.m. · 1 views

Denial of Service (DoS)

Overview: org.eclipse.milo:sdk-server is an open-source implementation of OPC UA. Affected versions of this package are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter...

CVSS 7.5 · AI score 7.1 · EPSS 0.00349
Exploits: 0 · References: 2

ATTACKERKB
added 2022/08/23 5:00 a.m. · 3 views

CVE-2022-24298

All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...

CVSS 7.5 · AI score 7.1 · EPSS 0.00491
Exploits: 0 · References: 3

Positive Technologies
added 2022/08/23 12:00 a.m. · 1 views

PT-2022-16588 · Freeopcua · Freeopcua

Name of the Vulnerable Software and Affected Versions: freeopcua/freeopcua versions all Description: The issue allows for Denial of Service (DoS) by bypassing limitations for excessive memory consumption. This is achieved by sending multiple CloseSession requests with the deleteSubscription paramet...

CVSS 7.5 · AI score 7.6 · EPSS 0.00491
Exploits: 0 · References: 4

Snyk
added 2022/08/22 12:16 p.m. · 2 views

Denial of Service (DoS)

Overview: node-opcua is an implementation of an OPC UA stack fully written in JavaScript and Node.js. Affected versions of this package are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00587
Exploits: 0 · References: 2

ATTACKERKB
added 2022/04/29 12:07 p.m. · 1 views

CVE-2022-29414

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...

CVSS 5.8 · AI score 5.7 · EPSS 0.00098
Exploits: 0 · References: 3 · Affected Software: 1