Description

A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing manipulation can lead to reachable assertion. It is possible to launch the attack remotely. The exploit has been published and may be used. This patch is called b72d8349980076e2c033c8324f07747a86eea4f8. Applying a patch is advised to resolve this issue.

Related CPE's

Could not find any relations

References

https://github.com/open5gs/open5gs/commit/b72d8349980076e2c033c8324f07747a86eea4f8

https://github.com/open5gs/open5gs/issues/4180

https://github.com/open5gs/open5gs/issues/4180#issue-3666760066

https://github.com/open5gs/open5gs/issues/4180#issuecomment-3615555671

https://vuldb.com/?ctiid.338561

https://vuldb.com/?id.338561

https://vuldb.com/?submit.719830

Weaknesses

[email protected]

Primary
CWE-617

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2025-12-29T07:15:54.153

3 hours ago

Last modified

2025-12-29T07:15:54.153

3 hours ago