Approved changes feed: RSS · Atom
cpe:2.3:a:free5gc:smf:*:*:*:*:*:go:*:*
part: a version: * update: *
| Vendor | Free5Gc (77fcf67d-849c-57a8-9f49-9d3927749b22) |
|---|---|
| Product | Smf (0fda37be-188d-5284-9f4a-aa8a2bd0e69e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | go |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/free5gc/smf |
purl2cpe | 2026-06-01 10:14:56.528936 |
pkg:golang/github.com/free5gc/smf |
purl2cpe | 2026-06-01 10:14:56.528938 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-26025 |
vulnerable | 2026-06-08 07:53:20.737150 |
free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE 
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only).
Published: 2026-02-24T00:15:59.635Z
Updated: 2026-02-26T14:31:19.868Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-26024 |
vulnerable | 2026-06-08 07:53:20.736670 |
free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE 
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only).
Published: 2026-02-24T00:12:05.436Z
Updated: 2026-02-26T14:30:03.495Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25501 |
vulnerable | 2026-06-08 07:53:19.897287 |
free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.DLDR is set but DownlinkDataReport IE is missing
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP SessionReportRequest on the SMF PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only).
Published: 2026-02-24T00:10:10.106Z
Updated: 2026-02-26T14:28:02.807Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-69232 |
vulnerable | 2026-06-08 07:41:22.235861 |
free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption
free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote attackers can disrupt core network functionality by sending a malformed PFCP Association Setup Request. The UPF incorrectly accepts it, entering an inconsistent state that causes subsequent legitimate requests to trigger SMF reconnection loops and service degradation. All deployments of free5GC using the UPF and SMF components may be affected. As of time of publication, a fix is in development but not yet available. No direct workaround is available at the application level. Applying the official patch, once released, is recommended.
Published: 2026-02-23T21:27:51.587Z
Updated: 2026-02-25T15:26:32.065Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.