Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
The vulnerability consists of writing data outside the boundaries of an allocated buffer on the heap (heap-based buffer overflow, CWE-122), which occurs in the PFCP protocol context handling module (Packet Forwarding Control Protocol). An attacker can provide crafted network data that causes writing outside the permitted memory area. The attack vector is network-based, requires no authentication or user interaction, which significantly increases the risk.
An attacker can gain full control over the vulnerable process, execute arbitrary code (RCE), or cause service failure (DoS). System confidentiality, integrity, and availability are at risk.
Patches available from the vendor must be applied according to references — fix available in the Open5GS GitHub repository as commit 2fbc445d32aa7749166396a9c055a199f90a1b01. Update to a version containing the indicated commit is recommended.
Open5GS version 2.6.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpen5gs
APPOpen5Gs2.6.4
Related vulnerabilities
Buffer Overflow w Open5GS v2.6.4 — podatność krytyczna w bibliotece core
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component all...
An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (ty...
In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of servic...
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF...