436 matches found
CVE-2025-69232
CVE-2025-69232 affects free5GC go-upf up to version 1.2.6 and free5gc smf up to 1.4.0. It is an Improper Input Validation and Protocol Compliance vulnerability that can cause Denial of Service: a remote attacker sends a malformed PFCP Association Setup Request, which UPF accepts and enters an inc...
PT-2026-21564
Name of the Vulnerable Software and Affected Versions free5GC go-upf versions prior to 1.2.8 Description The go-upf component of free5GC, a User Plane Function UPF implementation for 5G networks, contains a Heap-based Buffer Overflow. A specially crafted PFCP Session Modification Request with an...
CVE-2026-2517
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parsetft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be carri...
CVE-2026-2523
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smfgnhandlecreatepdpcontextrequest of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now...
CVE-2026-2523
Open5GS Open5GS (up to 2.7.6) is affected in the SMF path, specifically the smf_gn_handle_create_pdp_context_request function in src/smf/gn-handler.c. The issue is a manipulation that leads to a reachable assertion, allowing remote exploitation. Public exploits exist and disclosure occurred with ...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function...
CVE-2026-2517
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parsetft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be carri...
CVE-2026-2517 Open5GS SMF types.c ogs_gtp2_parse_tft denial of service
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parsetft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be carri...
CVE-2026-2517
Open5GS vulnerable up to version 2.7.6 due to a flaw in the SMF component. The issue is in ogs_gtp2_parse_tft (library lib/gtp/v2/types.c) where manipulating pf[0].content.length can cause a denial of service. Exploitation can be performed remotely, and public proof-of-concept code exists. The vu...
CVE-2026-2517
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parsetft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be carri...
CVE-2026-2517 Open5GS SMF types.c ogs_gtp2_parse_tft denial of service
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parsetft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be carri...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter pf0.content.length in the SM...
PT-2026-8238
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs gtp2 parse tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be...
CVE-2025-70123
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a...
CVE-2026-1974
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and...
CVE-2026-1973
A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. I...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the SessionDeletionResponse function of the SMF component. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference remotely. Remediation Upgrad...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the SessionDeletionResponse function of the SMF component. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference remotely. Remediation Upgrad...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the identityTriggerType function in the pfcpreports.go file. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference. Remediation Upgrade...
CVE-2026-1976
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used f...