NIXPKGS-2026-0116

GitHub issue published on 5 Feb 2026

Permalink CVE-2025-15555

updated 2 weeks, 2 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 2 days ago
@LeSuisse removed package open5gs-webui 2 weeks, 2 days ago
@LeSuisse accepted 2 weeks, 2 days ago
@LeSuisse published on GitHub 2 weeks, 2 days ago

Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.

Affected products

Open5GS

==2.7.3
==2.7.5
==2.7.0
==2.7.4
==2.7.1
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6
nixos-25.11 2.7.6
- nixos-25.11-small 2.7.6
- nixpkgs-25.11-darwin 2.7.6

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Upstream patch: https://github.com/open5gs/open5gs/commit/54dda041211098730221d0ae20a2f9f9173e7a21

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0116

Affected products

Matching in nixpkgs

pkgs.open5gs

Package maintainers