CVE-2025-65564

A denial-of-service vulnerability exists in the omec-upf upf-epc-pfcpiface in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer...

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

CVE-2025-65567

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a CreatePDR that contains a malformed Flow-Description is not robustly validated. The...

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

PT-2025-52288

Name of the Vulnerable Software and Affected Versions omec-upf versions 2.1.3-dev Description A denial-of-service issue exists in omec-upf. Specifically, when the UPF receives a PFCP Association Setup Request lacking the mandatory Recovery Time Stamp Information Element, the association setup...

CVE-2025-65564

The CVE-2025-65564 issue affects omec-upf (upf-epc-pfcpiface) 2.1.3-dev. The PFCP Association Setup Request, if missing the mandatory Recovery Time Stamp Information Element, triggers a nil-pointer dereference in the association setup handler and causes a panic, terminating the UPF process and po...