Nixpkgs security tracker

Dismissed

Permalink CVE-2025-15531

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 3 months, 1 week ago by @LeSuisse Activity log

Created suggestion 3 months, 1 week ago
@LeSuisse ignored package open5gs-webui 3 months, 1 week ago
@LeSuisse dismissed 3 months, 1 week ago

Open5GS context.c sgwc_bearer_add assertion

A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The issue report is flagged as already-fixed.

References

VDB-341598 | Open5GS context.c sgwc_bearer_add assertion vdb-entrytechnical-description
VDB-341598 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #729339 | Open5GS SGWC v2.7.6 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4233 issue-tracking
https://github.com/open5gs/open5gs/issues/4233#issue-3776216182 exploitissue-tracking

Affected products

Open5GS

==2.7.5
==2.7.1
==2.7.2
==2.7.4
==2.7.3
==2.7.0

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Ignored packages (1)

pkgs.open5gs-webui