16 matches found
CVE-2026-1586
A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogsgtp2fteidtoip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. It is...
CVE-2026-1586
Open5GS SGWC is affected up to version 2.7.5 by a denial-of-service flaw in the ogs_gtp2_f_teid_to_ip function in sgwc/s11-handler.c. The issue can be exploited remotely; an exploit has been published. A patch is available and Open5GS 2.7.6+ is expected to contain the fix. If you are running Open...
CVE-2026-1586
A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogsgtp2fteidtoip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. It is...
CVE-2026-1586 Open5GS SGWC s11-handler.c ogs_gtp2_f_teid_to_ip denial of service
A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogsgtp2fteidtoip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. It is...
CVE-2026-1586 Open5GS SGWC s11-handler.c ogs_gtp2_f_teid_to_ip denial of service
A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogsgtp2fteidtoip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. It is...
CVE-2025-15417
A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwcs11handlecreatesessionrequest of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is public...
CVE-2025-15417 Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request denial of service
A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwcs11handlecreatesessionrequest of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is public...
CVE-2025-15417 Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request denial of service
A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwcs11handlecreatesessionrequest of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is public...
CVE-2025-65559
An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request type=50, the UPF crashes with a reachable assertion in lib/pfcp/context.c ogspfcpobjectteidhashset if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags IPv4/IPv6 do not...
CVE-2025-65559
An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request type=50, the UPF crashes with a reachable assertion in lib/pfcp/context.c ogspfcpobjectteidhashset if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags IPv4/IPv6 do not...
CVE-2025-65559
An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request type=50, the UPF crashes with a reachable assertion in lib/pfcp/context.c ogspfcpobjectteidhashset if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags IPv4/IPv6 do not...
CVE-2025-65559
An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request type=50, the UPF crashes with a reachable assertion in lib/pfcp/context.c ogspfcpobjectteidhashset if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags IPv4/IPv6 do not...
CVE-2025-65559
CVE-2025-65559 – Open5GS vulnerability affecting Open5GS 2.7.5-49-g465e90f. Processing a PFCP Session Establishment Request (type=50) can trigger a reachable assertion in lib/pfcp/context.c (ogs_pfcp_object_teid_hash_set) when CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags (IPv...
CVE-2022-39063
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the fteidlen from incoming message, and then uses it to copy data from incoming message to struct fteid without...
Open5GS 安全漏洞
Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS version 2.4.9 and earlier, which stems from the fact that if pdi.localfteid.len exceeds the maximum length of the fteid structure, memcpy overwrites...
GTP Echo Scanner
This module sends UDP GTP GTP-U echo requests to the target RHOSTS and reports on which ones respond, thus identifying General Packet Radio Service GPRS servers. This module does not support scanning with SCTP. This module requires Metasploit: https://metasploit.com/download Current source:...