CNNVD-202602-573 Information
CNNVD ID
CNNVD-202602-573
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
Open5GS是Open5GS开源的一个 5G Core 和 Epc 的 C 语言开源实现,即 Lte/Nr 网络的核心网络。 Open5GS 2.7.6及之前版本存在安全漏洞,该漏洞源于对文件src/hss/hss-cx-path.c中函数hss_ogs_diam_cx_mar_cb的参数OGS_KEY_LEN操作不当,可能导致基于栈的缓冲区溢出。
Description (English)
Open5GS is a 5G Core and Epc open-language C open source of Open5GS, the core network of the Lte/Nr network. The security gap in Open5GS 2.7.6 and previous versions stems from the inappropriate operation of the parameter for the function hss ogs diam cx mar cb in document src/hss/hss-cx-path.c, which could lead to the spilling of a fence-based buffer zone.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Open5GS
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/open5gs/open5gs/ https://github.com/open5gs/open5gs/commit/54dda041211098730221d0ae20a2f9f9173e7a21 https://github.com/open5gs/open5gs/issues/4177 https://github.com/open5gs/open5gs/issues/4177#event-21256395700 https://vuldb.com/?ctiid.343795 https://vuldb.com/?id.343795 https://vuldb.com/?submit.741901