A missing length check in ogs_pfcp_dev_add function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the session.dev field with a value with length greater than 32.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/44xxx/CVE-2025-44951.json",
"cna_assigner": "mitre"
}{
"cpe": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.7.2"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}