Lucene search
+L

310 matches found

nvd
nvd
added 2025/12/28 10:15 p.m.5 views

CVE-2025-15156

A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messagessession.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may...

5.3CVSS0.00271EPSS
Exploits0References4
osv
osv
added 2025/12/28 10:15 p.m.3 views

CVE-2025-15156

A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messagessession.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may...

4.3CVSS5.5AI score0.00271EPSS
Exploits0References4
cve
cve
added 2025/12/28 10:2 p.m.25 views

CVE-2025-15156

CVE-2025-15156 affects omec-project UPF up to 2.1.3-dev. The PFCP Session Establishment Request Handler’s handleSessionEstablishmentRequest permits a null pointer dereference; the issue can be triggered remotely. Exploit is published; multiple sources note a lack of a fixed version for the patche...

5.3CVSS6.4AI score0.00271EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/12/28 10:2 p.m.3 views

CVE-2025-15156 omec-project UPF PFCP Session Establishment Request messages_session.go handleSessionEstablishmentRequest null pointer dereference

A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messagessession.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may...

5.3CVSS6.4AI score0.00271EPSS
Exploits0References4
cvelist
cvelist
added 2025/12/28 10:2 p.m.27 views

CVE-2025-15156 omec-project UPF PFCP Session Establishment Request messages_session.go handleSessionEstablishmentRequest null pointer dereference

A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messagessession.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may...

5.3CVSS0.00271EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/12/28 12:0 a.m.11 views

PT-2025-53668

Name of the Vulnerable Software and Affected Versions omec-project UPF versions up to 2.1.3-dev Description A flaw exists in omec-project UPF that may allow for remote exploitation. The issue resides in the handleSessionEstablishmentRequest function within the /pfcpiface/pfcpiface/messages...

5.3CVSS6.2AI score0.00271EPSS
Exploits0References10
cnnvd
cnnvd
added 2025/12/28 12:0 a.m.4 views

UPF 代码问题漏洞

UPF is an open source user interface from the Aether SD-Core Project. A code issue vulnerability exists in UPF 2.1.3-dev and earlier versions, which originates in the PFCP Session Establishment Request Handler component function in file /pfcpiface/pfcpiface/messagessession.go. A null pointer...

5.3CVSS4.9AI score0.00271EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/12/19 12:41 a.m.13 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

7.5CVSS7AI score0.00347EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/12/19 12:41 a.m.7 views

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

7.5CVSS6.8AI score0.00347EPSS
Exploits1References1
snyk
snyk
added 2025/12/18 7:46 p.m.2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the session establishment handler process. An attacker can cause the process to panic and terminate by sending a PFCP Session Establishment Request that omits the mandatory F-SEID CPF-SEID Information Element...

8.7CVSS5.6AI score0.00347EPSS
Exploits1References2
snyk
snyk
added 2025/12/18 7:46 p.m.2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the session establishment handler process. An attacker can cause the process to panic and terminate by sending a PFCP Session Establishment Request that omits the mandatory F-SEID CPF-SEID Information Element...

8.7CVSS5.6AI score0.00347EPSS
Exploits1References2
snyk
snyk
added 2025/12/18 7:45 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the parseFAR function when processing a PFCP Session Establishment Request containing a CreateFAR with an empty or truncated IPv4 address field. An attacker can cause the service to crash and disrupt user-plane...

8.8CVSS5.8AI score0.00347EPSS
Exploits1References2
snyk
snyk
added 2025/12/18 7:45 p.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...

7.5CVSS5.6AI score0.00347EPSS
Exploits1References2
snyk
snyk
added 2025/12/18 7:45 p.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...

7.5CVSS5.6AI score0.00347EPSS
Exploits1References2
osv
osv
added 2025/12/18 7:16 p.m.7 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

7.5CVSS6AI score0.00347EPSS
Exploits1References3
osv
osv
added 2025/12/18 7:16 p.m.3 views

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

7.5CVSS5.8AI score0.00347EPSS
Exploits1References1
nvd
nvd
added 2025/12/18 7:16 p.m.6 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

7.5CVSS0.00347EPSS
Exploits1References1
cve
cve
added 2025/12/18 12:0 a.m.20 views

CVE-2025-65568

The CVE-2025-65568 issue affects the omec-project UPF pfcpiface (upf-epc-pfcpiface:2.1.3-dev). During a PFCP Session Establishment Request, a CreateFAR with an empty or truncated IPv4 address triggers an out-of-bounds read in parseFAR() via ip2int(), causing an index-out-of-range panic and a deni...

7.5CVSS6.7AI score0.00347EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/12/18 12:0 a.m.3 views

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

6.4AI score0.00347EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/12/18 12:0 a.m.7 views

PT-2025-52283

Name of the Vulnerable Software and Affected Versions Open5GS version 2.7.5-49-g465e90f Description A flaw exists in Open5GS where a malformed PFCP Session Establishment Request can cause the UPF to crash. Specifically, when processing a request type=50 and the CreatePDR?PDI?F-TEID has CH=1, a...

7.5CVSS6.5AI score0.00359EPSS
Exploits1References4
Rows per page
Query Builder