Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer via IE.RecoveryTimeStamp() instead of validating the message. This results in a panic and terminates the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
UPF 安全漏洞
Vulnerability Description
UPF是Aether SD-Core Project开源的一个用户界面。 UPF存在安全漏洞,该漏洞源于处理缺少恢复时间戳的PFCP关联设置请求时取消引用空指针,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A