NIXPKGS-2026-0271

GitHub issue published on

Permalink CVE-2026-2522

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 2 months, 1 week ago by @LeSuisse Activity log

Created suggestion 2 months, 1 week ago
@LeSuisse ignored package open5gs-webui 2 months, 1 week ago
@LeSuisse accepted 2 months, 1 week ago
@LeSuisse published on GitHub 2 months, 1 week ago

Open5GS MME esm-build.c memory corruption

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-346110 | Open5GS MME esm-build.c memory corruption vdb-entry
VDB-346110 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #738336 | Open5GS MME v2.7.6 Buffer Overflow third-party-advisory
https://github.com/open5gs/open5gs/issues/4283 issue-tracking
https://github.com/open5gs/open5gs/issues/4283#issue-3807916595 exploitissue-tracking
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.5
==2.7.6
==2.7.1
==2.7.2
==2.7.4
==2.7.3
==2.7.0

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6
nixos-25.11 2.7.6
- nixos-25.11-small 2.7.6
- nixpkgs-25.11-darwin 2.7.6

Ignored packages (1)

pkgs.open5gs-webui