60 matches found
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the processing of a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings. An attacker can cause the process to crash and disrupt...
CVE-2026-32320 Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send...
CVE-2026-32320 Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send...
CVE-2026-32320 Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send...
CVE-2026-32320
Ella Core (5G private-net core) is affected by a DoS when processing a PathSwitchRequest that contains UE Security Capabilities with zero-length NR encryption or integrity protection bitstrings. The issue can crash the process via crafted NGAP messages, leading to service disruption for all conne...
GHSA-J478-P7VQ-3347 Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
Summary Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process,...
EUVD-2026-11724
Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings...
Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
Summary Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process,...
PT-2025-23617 · Open5Gs · Open5Gs
Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.3 Description: A vulnerability was found in the function ngap handle path switch request transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to...
PT-2025-1407 · Open5Gs · Open5Gs Mme
Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue concerns an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Path Switch Request message missing a required MME UE S1AP I...
SUSE CVE-2017-1000112
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSGMORE ipappenddata calls ipufoappenddata to append. However in between two send calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In...
kernel: Exploitable memory corruption due to UFO to non-UFO path switch
An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ipufoappenddata when building an UFO packet with MSGMORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
kernel: Exploitable memory corruption due to UFO to non-UFO path switch
An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ipufoappenddata when building an UFO packet with MSGMORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...
kernel: Exploitable memory corruption due to UFO to non-UFO path switch
An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ipufoappenddata when building an UFO packet with MSGMORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...
kernel: Exploitable memory corruption due to UFO to non-UFO path switch
An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ipufoappenddata when building an UFO packet with MSGMORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...
kernel: Exploitable memory corruption due to UFO to non-UFO path switch
An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ipufoappenddata when building an UFO packet with MSGMORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...
CVE-2017-1000112
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSGMORE ipappenddata calls ipufoappenddata to append. However in between two send calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In...
Critical: kernel
Issue Overview: Exploitable memory corruption due to UFO to non-UFO path switch CVE-2017-1000112 heap out-of-bounds in AFPACKET sockets CVE-2017-1000111 The mqnotify function in the Linux kernel does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a...
PT-2017-10816 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: The issue is related to a memory corruption vulnerability due to a UFO to non-UFO path switch. This occurs when building a UFO packet with MSG MORE, and the append path can be...