310 matches found
CVE-2025-15156
A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messagessession.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may...
CVE-2025-15156
A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messagessession.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may...
CVE-2025-15156
CVE-2025-15156 affects omec-project UPF up to 2.1.3-dev. The PFCP Session Establishment Request Handler’s handleSessionEstablishmentRequest permits a null pointer dereference; the issue can be triggered remotely. Exploit is published; multiple sources note a lack of a fixed version for the patche...
CVE-2025-15156 omec-project UPF PFCP Session Establishment Request messages_session.go handleSessionEstablishmentRequest null pointer dereference
A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messagessession.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may...
CVE-2025-15156 omec-project UPF PFCP Session Establishment Request messages_session.go handleSessionEstablishmentRequest null pointer dereference
A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messagessession.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may...
PT-2025-53668
Name of the Vulnerable Software and Affected Versions omec-project UPF versions up to 2.1.3-dev Description A flaw exists in omec-project UPF that may allow for remote exploitation. The issue resides in the handleSessionEstablishmentRequest function within the /pfcpiface/pfcpiface/messages...
UPF 代码问题漏洞
UPF is an open source user interface from the Aether SD-Core Project. A code issue vulnerability exists in UPF 2.1.3-dev and earlier versions, which originates in the PFCP Session Establishment Request Handler component function in file /pfcpiface/pfcpiface/messagessession.go. A null pointer...
CVE-2025-65568
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...
CVE-2025-65565
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the session establishment handler process. An attacker can cause the process to panic and terminate by sending a PFCP Session Establishment Request that omits the mandatory F-SEID CPF-SEID Information Element...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the session establishment handler process. An attacker can cause the process to panic and terminate by sending a PFCP Session Establishment Request that omits the mandatory F-SEID CPF-SEID Information Element...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the parseFAR function when processing a PFCP Session Establishment Request containing a CreateFAR with an empty or truncated IPv4 address field. An attacker can cause the service to crash and disrupt user-plane...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...
CVE-2025-65568
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...
CVE-2025-65565
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...
CVE-2025-65568
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...
CVE-2025-65568
The CVE-2025-65568 issue affects the omec-project UPF pfcpiface (upf-epc-pfcpiface:2.1.3-dev). During a PFCP Session Establishment Request, a CreateFAR with an empty or truncated IPv4 address triggers an out-of-bounds read in parseFAR() via ip2int(), causing an index-out-of-range panic and a deni...
CVE-2025-65565
A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...
PT-2025-52283
Name of the Vulnerable Software and Affected Versions Open5GS version 2.7.5-49-g465e90f Description A flaw exists in Open5GS where a malformed PFCP Session Establishment Request can cause the UPF to crash. Specifically, when processing a request type=50 and the CreatePDR?PDI?F-TEID has CH=1, a...