Nixpkgs security tracker

Published

Permalink CVE-2026-8252

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer dereference

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362549 | Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer dereference technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4446 issue-trackingexploit

Ignored references (3)

VDB-362549 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #808482 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8223

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send denial of service

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362440 | Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4438 issue-trackingexploit

Ignored references (3)

VDB-362440 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808442 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8225

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362442 | Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4440 issue-trackingexploit

Ignored references (3)

VDB-362442 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808444 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8251

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service

A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362548 | Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4445 issue-trackingexploit

Ignored references (3)

VDB-362548 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808480 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8224

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-362441 | Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4439 issue-trackingexploit

Ignored references (3)

VDB-362441 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808443 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8226

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS types.c ogs_pcc_rule_install_flow_from_media denial of service

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362443 | Open5GS types.c ogs_pcc_rule_install_flow_from_media denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4441 issue-trackingexploit

Ignored references (3)

VDB-362443 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808445 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8187

6.9 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): Not Defined (X)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption

A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362339 | Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4492 issue-tracking

Ignored references (3)

VDB-362339 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #800025 | Open5GS 2.7.7 Denial of Service (DoS) (CWE-400) third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Published

Permalink CVE-2026-8186

6.9 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): Not Defined (X)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-of-bounds

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named d5bc487fcf9ea87d2b03f2ef95123af344773bfb. It is suggested to install a patch to address this issue.

References

VDB-362338 | Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-of-bounds technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4491 issue-tracking
https://github.com/open5gs/open5gs/pull/4496 issue-trackingpatch
https://github.com/open5gs/open5gs/commit/d5bc487fcf9ea87d2b03f2ef95123af344773… patch

Ignored references (3)

VDB-362338 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #800024 | Open5GS 2.7.7 Out-of-bounds Read (CWE-125) / Denial of Service (CWE-400) third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Published

Permalink CVE-2026-8120

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS NSSF nnssf-handler.c denial of service

A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-361907 | Open5GS NSSF nnssf-handler.c denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4432 issue-trackingexploit

Ignored references (3)

VDB-361907 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808421 | Open5gs NSSF v2.7.7 Denial of Service third-party-advisoryexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.7
==2.7.4
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Untriaged

Permalink CVE-2026-8123

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

created 1 month ago Activity log

Created suggestion 1 month ago

Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais denial of service

A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-361910 | Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais denial of service technical-descriptionvdb-entry
VDB-361910 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808426 | Open5gs NSSF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4436 issue-trackingexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers