scmdcs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2025-44952 | |
| ------------------------------------------ | |
| [Description] | |
| A missing length check in `ogs_pfcp_subnet_add` function from PFCP | |
| library, used by both smf and upf in open5gs 2.7.2 and earlier, allows | |
| a local attacker to cause a Buffer Overflow by changing the | |
| `session.dnn` field with a value with length greater than 101. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2025-44951 | |
| ------------------------------------------ | |
| [Description] | |
| A missing length check in `ogs_pfcp_dev_add` function from PFCP | |
| library, used by both smf and upf in open5gs 2.7.2 and earlier, allows | |
| a local attacker to cause a Buffer Overflow by changing the | |
| `session.dev` field with a value with length greater than 32. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2025-29646 | |
| ------------------------------------------ | |
| [Description] | |
| An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker | |
| to cause a Denial of Service via a crafted PFCP | |
| SessionEstablishmentRequest packet with restoration indication = true | |
| and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size). |