We found results for “”
CVE-2025-44952
Good to know:
Date: June 17, 2025
A missing length check in "ogs_pfcp_subnet_add" function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the "session.dnn" field with a value with length greater than 101.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-120Top Fix
Upgrade Version
Upgrade to version https://github.com/althea-net/open5gs.git - no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |
Vulnerabilities
Projects
Contact Us


