CVE-2025-65568

High CVSS: 7.5

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During parsing, parseFAR() calls ip2int(), which performs an out-of-bounds read on the IPv4 address buffer and triggers an index-out-of-range panic. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.

Vendor

Opennetworking

Product

Upf

CWE

CWE-125

Yayın Tarihi

2025-12-18 19:16:34

Güncelleme

2026-01-07 21:06:47

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-125 Upf HIGH Opennetworking 2025

Referanslar

http://omec-projectupf.com http://upf-epc-pfcpiface.com https://github.com/omec-project/upf/issues/962 https://github.com/omec-project/upf/issues/962

Benzer Kayıtlar

High

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.…

High

CVE-2025-65567

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.…

High

CVE-2025-65563

A denial-of-service vulnerability exists in the omec-project UPF (component upf-epc/pfcpiface) up to at least version up…

High

CVE-2025-65564

A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in version upf-epc-pfcpiface:2.1.3-dev. Whe…

Critical

CVE-2023-41591

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute…

Medium

CVE-2024-53423

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafte…