Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During parsing, parseFAR() calls ip2int(), which performs an out-of-bounds read on the IPv4 address buffer and triggers an index-out-of-range panic. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
UPF 安全漏洞
Vulnerability Description
UPF是Aether SD-Core Project开源的一个用户界面。 UPF存在安全漏洞,该漏洞源于处理包含空或截断IPv4地址字段的PFCP会话建立请求时越界读取,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A