Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a CreatePDR that contains a malformed Flow-Description is not robustly validated. The Flow-Description parser (parseFlowDesc) can read beyond the bounds of the provided buffer, causing a panic and terminating the UPF process. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
UPF 安全漏洞
Vulnerability Description
UPF是Aether SD-Core Project开源的一个用户界面。 UPF upf-epc-pfcpiface:2.1.3-dev版本存在安全漏洞,该漏洞源于处理包含畸形流描述的PFCP会话建立请求时缓冲区越界读取,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A