{"id":"CVE-2025-15418","details":"A security flaw has been discovered in Open5GS up to 2.7.6. The vulnerability affects the function ogs_gtp2_parse_bearer_qos in the file lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Manipulating the data this function parses results in denial of service. The attack requires local access. An exploit has been publicly released and may be used for attacks. The fix is commit 4e913d21f2c032b187815f063dbab5ebe65fe83a; applying this patch is recommended.","modified":"2026-04-12T17:59:05.712591Z","published":"2026-01-02T00:15:43.047Z","references":[{"type":"WEB","url":"https://github.com/open5gs/open5gs/"},{"type":"ADVISORY","url":"https://vuldb.com/?id.339340"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.728043"},{"type":"REPORT","url":"https://github.com/open5gs/open5gs/issues/4217"},{"type":"REPORT","url":"https://github.com/open5gs/open5gs/issues/4217#issue-3759615968"},{"type":"REPORT","url":"https://github.com/open5gs/open5gs/issues/4217#issuecomment-3690767105"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.339340"},{"type":"FIX","url":"https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open5gs/open5gs","events":[{"introduced":"0"},{"last_affected":"d9d3abdd480be96fac3bc8a997e83446648763ca"},{"fixed":"4e913d21f2c032b187815f063dbab5ebe65fe83a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7.6"}]}}],"versions":["v0.1.0","v0.1.1","v0.2.0","v0.3.0","v0.3.1","v0.3.10","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.8","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v0.5.1","v0.5.2","v1.0.0","v1.1.0","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.3.0","v2.0.0","v2.0.18","v2.0.22","v2.1.0","v2.1.1","v2.1.3","v2.1.4","v2.1.5","v2.1.7","v2.2.0","v2.2.1","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.2","v2.3.6","v2.4.0","v2.4.1","v2.4.3","v2
.4.4","v2.4.5","v2.4.7","v2.4.8","v2.4.9","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.6","v2.7.0","v2.7.1","v2.7.2","v2.7.5","v2.7.6"],"database_specific":{"vanir_signatures_modified":"2026-04-12T17:59:05Z","vanir_signatures":[{"signature_type":"Function","deprecated":false,"digest":{"function_hash":"329856717526135119538908501081309074977","length":6480},"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a","id":"CVE-2025-15418-344e40a9","target":{"function":"smf_s5c_handle_bearer_resource_command","file":"src/smf/s5c-handler.c"}},{"signature_type":"Function","deprecated":false,"digest":{"function_hash":"262021341753079432219969879458940109913","length":727},"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a","id":"CVE-2025-15418-9a51eb7a","target":{"function":"ogs_gtp2_parse_flow_qos","file":"lib/gtp/v2/types.c"}},{"signature_type":"Function","deprecated":false,"digest":{"function_hash":"334754483001972696561882239704900007849","length":11155},"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a","id":"CVE-2025-15418-9d9cac0b","target":{"function":"smf_s5c_handle_create_session_request","file":"src/smf/s5c-handler.c"}},{"signature_type":"Function","deprecated":false,"digest":{"function_hash":"329543839650726335680745584138883459068","length":926},"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a","id":"CVE-2025-15418-9dc78d6d","target":{"function":"ogs_gtp2_parse_bearer_qos","file":"lib/gtp/v2/types.c"}},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["271787626993316706612311793198602220882","34416988402101326454032227536139984885","179813625722567220070921758403395652106","221236605691055841650700751255992345839","17900012746073832029826838916377672180","2339181274600
46955881258459356091673589","250377685072779835463703405982750974556","219026633566056177263328640862594893181","296042967273174158016797132664340132532"]},"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a","id":"CVE-2025-15418-a95c6748","target":{"file":"src/sgwc/s11-handler.c"}},{"signature_type":"Function","deprecated":false,"digest":{"function_hash":"311099909318344056909886222032198522867","length":6859},"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a","id":"CVE-2025-15418-b63a82f3","target":{"function":"sgwc_s11_handle_create_session_request","file":"src/sgwc/s11-handler.c"}},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["38017208817774213280761318325198808243","94778990074870973103764001698954719788","293952141973511384287253858566818605179","62459825060639851175851586711345633876","119656504876539921024875035932767600338","106439372501869024052676058613784157830","77752825217197064868589875231714434164","135030088737795206721133498895998630218"]},"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a","id":"CVE-2025-15418-b696ff7a","target":{"file":"lib/gtp/v2/types.c"}},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["17900012746073832029826838916377672180","233918127460046955881258459356091673589","23324592745127388020659963800782293316","310057843973907710296736236795589457203","209497877899117009696403147489162057155","244453898215795457968753487324032732379","288593856561153794639183289813241745516","38971648597017693172464169314442165626","121795992113260316089958538858551953653"]},"signature_version":"v1","source":"https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a","id":"CVE-2025-15418-c57b8fed","target":{"file":"src/smf/s5c-handler.c"}}],"source"
:"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15418.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}