NIXPKGS-2026-0116

GitHub issue published on

Permalink CVE-2025-15555

7.3 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 2 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 2 months, 3 weeks ago
@LeSuisse ignored package open5gs-webui 2 months, 3 weeks ago
@LeSuisse accepted 2 months, 3 weeks ago
@LeSuisse published on GitHub 2 months, 3 weeks ago

Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.

References

VDB-343795 | Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow vdb-entrytechnical-description
VDB-343795 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #741901 | Open5GS v2.7.6 Buffer Over-read third-party-advisory
https://github.com/open5gs/open5gs/issues/4177 issue-tracking
https://github.com/open5gs/open5gs/issues/4177#event-21256395700 exploitissue-tracking
https://github.com/open5gs/open5gs/commit/54dda041211098730221d0ae20a2f9f9173e7… patch
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.5
==2.7.6
==2.7.1
==2.7.2
==2.7.4
==2.7.3
==2.7.0

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6
nixos-25.11 2.7.6
- nixos-25.11-small 2.7.6
- nixpkgs-25.11-darwin 2.7.6

Ignored packages (1)

pkgs.open5gs-webui