CVE-2025-56568

HIGH

Open5GS < 2.7.5 - Denial of Service via Malformed NGAP Message Length Field

Title source: llm

Description

Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol configuration data.

References (2)

Core 2

Core References

https://github.com/open5gs/open5gs/issues/3969

https://github.com/open5gs/open5gs/commit/d7707879c943d2c952235382154d835b5849d54e

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0033

EPSS Percentile 24.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-617

Status published

Published Apr 30, 2026

Tracked Since May 01, 2026