Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: open5gs

Found 23 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2025-15530
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 months, 3 weeks ago
Open5GS s11-handler.c assertion

A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c. Executing a manipulation can lead to reachable assertion. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The issue report is flagged as already-fixed.

Affected products

Open5GS
  • ==2.7.0
  • ==2.7.3
  • ==2.7.4
  • ==2.7.1
  • ==2.7.5
  • ==2.7.6
  • ==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

Package maintainers

Untriaged
Permalink CVE-2025-15528
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 months, 3 weeks ago
Open5GS GTPv2 Bearer Response denial of service

A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 98f76e98df35cd6a35e868aa62715db7f8141ac1. A patch should be applied to remediate this issue.

Affected products

Open5GS
  • ==2.7.1
  • ==2.7.5
  • ==2.7.3
  • ==2.7.6
  • ==2.7.4
  • ==2.7.2
  • ==2.7.0

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

Package maintainers

Untriaged
Permalink CVE-2025-15529
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 months, 3 weeks ago
Open5GS s5c-handler.c sgwc_s5c_handle_create_session_response denial of service

A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named b19cf6a2dbf5d30811be4488bf059c865bd7d1d2. To fix this issue, it is recommended to deploy a patch.

Affected products

Open5GS
  • ==2.7.1
  • ==2.7.5
  • ==2.7.3
  • ==2.7.6
  • ==2.7.4
  • ==2.7.2
  • ==2.7.0

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

Package maintainers