We found results for “”
CVE-2025-44951
Good to know:
Date: June 17, 2025
A missing length check in "ogs_pfcp_dev_add" function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the "session.dev" field with a value with length greater than 32.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-120Top Fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |
Vulnerabilities
Projects
Contact Us


