Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead of rejecting the malformed message. This triggers a panic and terminates the UPF process. An attacker who can send PFCP Session Report Response messages to the UPF's N4/PFCP endpoint can exploit this flaw to repeatedly crash the UPF and disrupt user-plane services.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
UPF 安全漏洞
Vulnerability Description
UPF是Aether SD-Core Project开源的一个用户界面。 UPF upf-epc-pfcpiface:2.1.3-dev版本存在安全漏洞,该漏洞源于处理缺少原因信息元素的PFCP会话报告响应时取消引用空指针,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A