Nixpkgs security tracker

Permalink CVE-2026-25501

created 2 months, 4 weeks ago Activity log

Created suggestion 2 months, 4 weeks ago

free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.DLDR is set but DownlinkDataReport IE is missing

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP SessionReportRequest on the SMF PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only).

References

https://github.com/free5gc/free5gc/security/advisories/GHSA-vq85-8f6p-g9q5 x_refsource_CONFIRM
https://github.com/free5gc/free5gc/issues/805 x_refsource_MISC

Affected products

smf

==<= 1.4.1

Matching in nixpkgs

pkgs.smfh

Sleek Manifest File Handler

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.asmfmt

Go assembler formatter

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2
nixos-25.11 1.3.2
- nixos-25.11-small 1.3.2
- nixpkgs-25.11-darwin 1.3.2

pkgs.libsmf

C library for reading and writing Standard MIDI Files

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.11 1.3
- nixos-25.11-small 1.3
- nixpkgs-25.11-darwin 1.3

pkgs.nasmfmt

Formatter for NASM source files

nixos-unstable 2022-09-15
- nixpkgs-unstable 2022-09-15
- nixos-unstable-small 2022-09-15
nixos-25.11 2022-09-15
- nixos-25.11-small 2022-09-15
- nixpkgs-25.11-darwin 2022-09-15

pkgs.mt32emu-smf2wav

Produces a WAVE file from a Standard MIDI file (SMF)

nixos-unstable smf2wav-1.9.0
- nixpkgs-unstable smf2wav-1.9.0
- nixos-unstable-small smf2wav-1.9.0
nixos-25.11 smf2wav-1.9.0
- nixos-25.11-small smf2wav-1.9.0
- nixpkgs-25.11-darwin smf2wav-1.9.0

pkgs.python312Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python313Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python314Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

pkgs.tests.fetchFromGitHub.rootDir

None

nixos-unstable smfyc8dzpa0l
- nixpkgs-unstable smfyc8dzpa0l

Package maintainers

@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@NotAShelf NotAShelf <raf@notashelf.dev>
@eclairevoyant éclairevoyant
@Gerg-L Greg Leyda <gregleyda@proton.me>

Permalink CVE-2026-1683

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 3 months, 3 weeks ago Activity log

Created suggestion 3 months, 3 weeks ago

Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest denial of service

A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. To fix this issue, it is recommended to deploy a patch.

References

VDB-343476 | Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest denial of service vdb-entrytechnical-description
VDB-343476 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #739653 | free5gc SMF v4.1.0 Denial of Service third-party-advisory
Submit #739654 | free5gc SMF v4.1.0 Denial of Service (Duplicate) third-party-advisory
https://github.com/free5gc/free5gc/issues/804 issue-tracking
https://github.com/free5gc/free5gc/issues/804#issue-3816086696 issue-trackingexploit
https://github.com/free5gc/smf/pull/188 issue-trackingpatch

Affected products

SMF

==4.0
==4.1.0

Matching in nixpkgs

pkgs.smfh

Sleek Manifest File Handler

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3

pkgs.asmfmt

Go assembler formatter

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2

pkgs.libsmf

C library for reading and writing Standard MIDI Files

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3

pkgs.nasmfmt

Formatter for NASM source files

nixos-unstable 2022-09-15
- nixpkgs-unstable 2022-09-15
- nixos-unstable-small 2022-09-15

pkgs.mt32emu-smf2wav

Produces a WAVE file from a Standard MIDI file (SMF)

nixos-unstable smf2wav-1.9.0
- nixpkgs-unstable smf2wav-1.9.0
- nixos-unstable-small smf2wav-1.9.0

pkgs.tests.fetchgit.rootDir

None

nixos-unstable qbp2smfq2pd7
- nixpkgs-unstable qbp2smfq2pd7

pkgs.python312Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

pkgs.python313Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

Package maintainers

@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@Gerg-L Greg Leyda <gregleyda@proton.me>
@arthsmn Arthur Cerqueira

Permalink CVE-2026-1682

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 3 months, 3 weeks ago Activity log

Created suggestion 3 months, 3 weeks ago

Free5GC SMF PFCP UDP Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dereference

A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been published and may be used. A patch should be applied to remediate this issue.

References

VDB-343475 | Free5GC SMF PFCP UDP Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dereference vdb-entrytechnical-description
VDB-343475 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #739508 | free5gc SMF v4.1.0 Denial of Service third-party-advisory
https://github.com/free5gc/free5gc/issues/794 issue-tracking
https://github.com/free5gc/free5gc/issues/794#issuecomment-3761063382 issue-tracking
https://github.com/free5gc/free5gc/issues/794#issue-3811888505 issue-trackingexploit
https://github.com/free5gc/smf/pull/188 issue-trackingpatch

Affected products

SMF

==4.0
==4.1.0

Matching in nixpkgs

pkgs.smfh

Sleek Manifest File Handler

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3

pkgs.asmfmt

Go assembler formatter

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2

pkgs.libsmf

C library for reading and writing Standard MIDI Files

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3

pkgs.nasmfmt

Formatter for NASM source files

nixos-unstable 2022-09-15
- nixpkgs-unstable 2022-09-15
- nixos-unstable-small 2022-09-15

pkgs.mt32emu-smf2wav

Produces a WAVE file from a Standard MIDI file (SMF)

nixos-unstable smf2wav-1.9.0
- nixpkgs-unstable smf2wav-1.9.0
- nixos-unstable-small smf2wav-1.9.0

pkgs.tests.fetchgit.rootDir

None

nixos-unstable qbp2smfq2pd7
- nixpkgs-unstable qbp2smfq2pd7

pkgs.python312Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

pkgs.python313Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

Package maintainers

@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@Gerg-L Greg Leyda <gregleyda@proton.me>
@arthsmn Arthur Cerqueira

Permalink CVE-2026-1684

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Not Defined (X)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 3 months, 3 weeks ago Activity log

Created suggestion 3 months, 3 weeks ago

Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service

A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to implement a patch to correct this issue.

References

VDB-343477 | Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service vdb-entrytechnical-description
VDB-343477 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #739655 | free5gc SMF v4.1.0 Denial of Service third-party-advisory
Submit #739656 | free5gc SMF v4.1.0 Denial of Service (Duplicate) third-party-advisory
https://github.com/free5gc/free5gc/issues/806 issue-tracking
https://github.com/free5gc/smf/pull/188 issue-trackingpatch

Affected products

SMF

==4.0
==4.1.0

Matching in nixpkgs

pkgs.smfh

Sleek Manifest File Handler

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3

pkgs.asmfmt

Go assembler formatter

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2

pkgs.libsmf

C library for reading and writing Standard MIDI Files

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3

pkgs.nasmfmt

Formatter for NASM source files

nixos-unstable 2022-09-15
- nixpkgs-unstable 2022-09-15
- nixos-unstable-small 2022-09-15

pkgs.mt32emu-smf2wav

Produces a WAVE file from a Standard MIDI file (SMF)

nixos-unstable smf2wav-1.9.0
- nixpkgs-unstable smf2wav-1.9.0
- nixos-unstable-small smf2wav-1.9.0

pkgs.tests.fetchgit.rootDir

None

nixos-unstable qbp2smfq2pd7
- nixpkgs-unstable qbp2smfq2pd7

pkgs.python312Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

pkgs.python313Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

Package maintainers

@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@Gerg-L Greg Leyda <gregleyda@proton.me>
@arthsmn Arthur Cerqueira

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.smfh

pkgs.asmfmt

pkgs.libsmf

pkgs.nasmfmt

pkgs.mt32emu-smf2wav

pkgs.python312Packages.pysmf

pkgs.python313Packages.pysmf

pkgs.python314Packages.pysmf

pkgs.tests.fetchFromGitHub.rootDir

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.smfh

pkgs.asmfmt

pkgs.libsmf

pkgs.nasmfmt

pkgs.mt32emu-smf2wav

pkgs.tests.fetchgit.rootDir

pkgs.python312Packages.pysmf

pkgs.python313Packages.pysmf

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.smfh

pkgs.asmfmt

pkgs.libsmf

pkgs.nasmfmt

pkgs.mt32emu-smf2wav

pkgs.tests.fetchgit.rootDir

pkgs.python312Packages.pysmf

pkgs.python313Packages.pysmf

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.smfh

pkgs.asmfmt

pkgs.libsmf

pkgs.nasmfmt

pkgs.mt32emu-smf2wav

pkgs.tests.fetchgit.rootDir

pkgs.python312Packages.pysmf

pkgs.python313Packages.pysmf

Package maintainers