CVE-2025-56568

high

Description

Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol configuration data.

References

https://github.com/open5gs/open5gs/issues/3969

https://github.com/open5gs/open5gs/commit/d7707879c943d2c952235382154d835b5849d54e

Details

Source: Mitre, NVD

Published: 2026-04-30

Updated: 2026-05-01

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00074