Lucene search
K

9 matches found

Snyk
Snyk
added 2026/02/06 2:47 a.m.4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the establishPfcpSession function. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference in the SMF component. Remediation Upgrade...

7.5CVSS6.1AI score0.00526EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/18 12:0 a.m.27 views

CVE-2025-65568

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During...

0.00347EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52290

Name of the Vulnerable Software and Affected Versions omec-project UPF versions up to 2.1.3-dev Description A flaw exists in the omec-project UPF pfcpiface component that can lead to a denial-of-service condition. Specifically, a crafted PFCP Session Establishment Request, containing a malformed...

7.5CVSS6.3AI score0.00347EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-28802

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01183EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.3 views

CVE-2022-39063

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the fteidlen from incoming message, and then uses it to copy data from incoming message to struct fteid without...

7.5CVSS6.9AI score0.01079EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:21 p.m.7 views

CVE-2021-41794

ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...

7.5CVSS7.1AI score0.01183EPSS
Exploits1
NVD
NVD
added 2021/10/07 3:15 p.m.40 views

CVE-2021-41794

ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...

7.5CVSS0.01183EPSS
Exploits1References1
CVE
CVE
added 2021/10/07 2:57 p.m.55 views

CVE-2021-41794

Open5GS CVE-2021-41794 affects Open5GS versions 1.0.0–2.3.3. The function ogs_fqdn_parse trusts a client-supplied length and uses it in a memcpy into a 100-byte stack buffer, enabling a buffer overflow when processing a PFCP Session Establishment Request with a crafted PDI Network Instance (e.g.,...

7.5CVSS7.5AI score0.01183EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/10/07 2:57 p.m.41 views

CVE-2021-41794

ogsfqdnparse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used ...

7.8AI score0.01183EPSS
Exploits1References1
Rows per page
Query Builder