CVE-2025-65566

High CVSS: 7.5

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead of rejecting the malformed message. This triggers a panic and terminates the UPF process. An attacker who can send PFCP Session Report Response messages to the UPF's N4/PFCP endpoint can exploit this flaw to repeatedly crash the UPF and disrupt user-plane services.

Vendor

Linuxfoundation

Product

Upf

CWE

CWE-476

Yayın Tarihi

2025-12-18 20:16:07

Güncelleme

2026-01-06 16:18:14

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-476 Upf HIGH Linuxfoundation 2025

Referanslar

https://github.com/omec-project/upf/issues/958 https://github.com/omec-project/upf/issues/958

Benzer Kayıtlar

High

CVE-2026-27489

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0,…

Critical

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. I…

Medium

CVE-2026-33015

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop…

High

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memo…

Medium

CVE-2026-33014

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorizat…

Medium

CVE-2026-27815

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup cop…