Untriaged
CVE-2026-2062
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Open5GS PGW S5U Address sgwc_sxa_handle_session_modification_response null pointer dereference
A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The exploit is publicly available and might be used. The identifier of the patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applying a patch is the recommended action to fix this issue.
References
- VDB-344622 | Open5GS PGW S5U Address sgwc_sxa_handle_session_modification_response null pointer dereference (vdb-entry, technical-description)
- Submit #744719 | Open5GS SGWC v2.7.6 Denial of Service (third-party-advisory)
- https://github.com/open5gs/open5gs/issues/4257 (issue-tracking)
Affected products
Open5GS
- ==2.7.0
- ==2.7.3
- ==2.7.4
- ==2.7.1
- ==2.7.2
- ==2.7.6
- ==2.7.5
Matching in nixpkgs
pkgs.open5gs
4G/5G core network components
pkgs.open5gs-webui
4G/5G core network components
Package maintainers
- @Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
- @xddxdd Yuhui Xu <b980120@hotmail.com>