Search
Search Results (18 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65562 | 1 Free5gc | 1 Upf | 2025-12-19 | N/A |
| The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID (e.g., 0xFFFFFFFFFFFFFFFF) that causes an integer conversion/underflow in LocalNode.DeleteSess() / LocalNode.Sess() when a uint64 SEID is converted to int and used in index arithmetic. This leads to a negative index into n.sess and a Go runtime panic, resulting in a denial of service (UPF crash). The issue has been reproduced on free5GC v4.1.0 with crashes observed in the session lookup/deletion path in internal/pfcp/node.go; other versions may also be affected. No authentication is required. | ||||
| CVE-2025-65561 | 1 Free5gc | 2 Free5gc, Upf | 2025-12-19 | N/A |
| An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request. | ||||
| CVE-2025-60632 | 1 Free5gc | 1 Free5gc | 2025-12-01 | 6.5 Medium |
| An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API. | ||||
| CVE-2025-60633 | 1 Free5gc | 1 Free5gc | 2025-12-01 | 6.5 Medium |
| An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API. | ||||
| CVE-2025-60638 | 1 Free5gc | 1 Free5gc | 2025-12-01 | 7.5 High |
| An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API. | ||||
| CVE-2025-63679 | 1 Free5gc | 1 Free5gc | 2025-11-14 | 9.8 Critical |
| free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from a gNB, the AMF process crashes. | ||||
| CVE-2025-56394 | 1 Free5gc | 1 Free5gc | 2025-10-08 | 7.5 High |
| Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow. | ||||
| CVE-2025-29632 | 1 Free5gc | 1 Free5gc | 2025-06-25 | 5.4 Medium |
| Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components | ||||
| CVE-2022-38870 | 1 Free5gc | 1 Free5gc | 2025-05-07 | 7.5 High |
| Free5gc v3.2.1 is vulnerable to Information disclosure. | ||||
| CVE-2022-38871 | 1 Free5gc | 1 Free5gc | 2025-04-30 | 7.5 High |
| In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. | ||||
| CVE-2023-4659 | 1 Free5gc | 1 Free5gc | 2024-11-21 | 9.8 Critical |
| Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication. | ||||
| CVE-2023-49391 | 1 Free5gc | 1 Free5gc | 2024-11-21 | 7.5 High |
| An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message. | ||||
| CVE-2023-47347 | 1 Free5gc | 1 Free5gc | 2024-11-21 | 7.5 High |
| Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes. | ||||
| CVE-2023-47346 | 1 Free5gc | 3 Free5gc, Smf, Upf | 2024-11-21 | 7.5 High |
| Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages. | ||||
| CVE-2023-47345 | 1 Free5gc | 1 Free5gc | 2024-11-21 | 7.5 High |
| Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero. | ||||
| CVE-2023-47025 | 1 Free5gc | 1 Free5gc | 2024-11-21 | 5.5 Medium |
| An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. | ||||
| CVE-2023-46324 | 2 Free5gc, Golang | 2 Udm, Go | 2024-11-21 | 7.5 High |
| pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key. | ||||
| CVE-2022-43677 | 1 Free5gc | 1 Free5gc | 2024-11-21 | 5.5 Medium |
| In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. | ||||
Page 1 of 1.