Nixpkgs security tracker

Login with GitHub

Suggestions search

Dismissed
Filter by:
With package: open5gs

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-7601
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Not Defined (X)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 1 month, 1 week ago by @LeSuisse Activity log
Open5GS AMF gmm-handler.c denial of service

A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able to address this issue. The identifier of the patch is ebc66942b6f8f1fab2d640e71cf4e9f1a423b426. It is advisable to upgrade the affected component.

Affected products

Open5GS
  • ==2.7.1
  • ==2.7.4
  • ==2.7.7
  • ==2.7.0
  • ==2.7.3
  • ==2.7.5
  • ==2.7.6
  • ==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

Ignored packages (1)

Package maintainers

Already fixed.
Permalink CVE-2025-15532
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 4 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 4 months, 3 weeks ago
  • @LeSuisse ignored package open5gs-webui 4 months, 3 weeks ago
  • @LeSuisse dismissed 4 months, 3 weeks ago
Open5GS Timer resource consumption

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The patch is identified as c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. It is best practice to apply a patch to resolve this issue.

Affected products

Open5GS
  • ==2.7.1
  • ==2.7.4
  • ==2.7.0
  • ==2.7.3
  • ==2.7.5
  • ==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

Ignored packages (1)

Package maintainers

Current stable was never affected

https://github.com/NixOS/nixpkgs/commit/f66adc76c1ad6cd711af7267eea214e09e9515ee
Permalink CVE-2025-15530
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 4 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 4 months, 3 weeks ago
  • @LeSuisse ignored package open5gs-webui 4 months, 3 weeks ago
  • @LeSuisse dismissed 4 months, 3 weeks ago
Open5GS s11-handler.c assertion

A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c. Executing a manipulation can lead to reachable assertion. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The issue report is flagged as already-fixed.

Affected products

Open5GS
  • ==2.7.1
  • ==2.7.4
  • ==2.7.0
  • ==2.7.3
  • ==2.7.5
  • ==2.7.6
  • ==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

Ignored packages (1)

Package maintainers

Current stable was never affected https://github.com/NixOS/nixpkgs/commit/f66adc76c1ad6cd711af7267eea214e09e9515ee
Permalink CVE-2025-15531
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 4 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 4 months, 3 weeks ago
  • @LeSuisse ignored package open5gs-webui 4 months, 3 weeks ago
  • @LeSuisse dismissed 4 months, 3 weeks ago
Open5GS context.c sgwc_bearer_add assertion

A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The issue report is flagged as already-fixed.

Affected products

Open5GS
  • ==2.7.1
  • ==2.7.4
  • ==2.7.0
  • ==2.7.3
  • ==2.7.5
  • ==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

Ignored packages (1)

Package maintainers

Current stable was never affected

https://github.com/NixOS/nixpkgs/commit/f66adc76c1ad6cd711af7267eea214e09e9515ee