Description

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a CreatePDR that contains a malformed Flow-Description is not robustly validated. The Flow-Description parser (parseFlowDesc) can read beyond the bounds of the provided buffer, causing a panic and terminating the UPF process. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF.

INFO

Published Date :

2025-12-18T00:00:00.000Z

Last Modified :

2025-12-18T19:01:40.362Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65567 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65567.

URL Resource
https://github.com/omec-project/upf/issues/959 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System