Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2025-15555
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 months, 1 week ago
Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.

Affected products

Open5GS
  • ==2.7.1
  • ==2.7.5
  • ==2.7.3
  • ==2.7.6
  • ==2.7.4
  • ==2.7.2
  • ==2.7.0

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

  • nixos-unstable -
  • nixos-25.11 2.7.6

Package maintainers