PT-2026-8007 · Free5Gc · Free5Gc
Published
2026-02-13
·
Updated
2026-02-18
·
CVE-2025-70122
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
free5GC version 4.0.1
Description
A heap buffer overflow exists in the UPF component of free5GC version 4.0.1. This flaw allows remote attackers to potentially cause a denial of service by sending a specially crafted PFCP Session Modification Request. The issue is located in the
SDFFilterFields.UnmarshalBinary function (sdf-filter.go) and occurs when processing a declared length that exceeds the buffer's capacity, resulting in a runtime panic and UPF crash.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Free5Gc