CVE-2026-2517

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-2517

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2517.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-2517

Published

2026-02-15T13:16:16.690Z

Modified

2026-02-20T02:40:48.041874Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf[0].content.length results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type: GIT
Repo: https://github.com/open5gs/open5gs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d9d3abdd480be96fac3bc8a997e83446648763ca

Affected versions

v0.*

v0.1.0

v0.1.1

v0.2.0

v0.3.0

v0.3.1

v0.3.10

v0.3.11

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v0.5.1

v0.5.2

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0

v2.*

v2.0.0

v2.0.18

v2.0.22

v2.1.0

v2.1.1

v2.1.3

v2.1.4

v2.1.5

v2.1.7

v2.2.0

v2.2.1

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.1

v2.3.2

v2.3.6

v2.4.0

v2.4.1

v2.4.3

v2.4.4

v2.4.5

v2.4.7

v2.4.8

v2.4.9

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.6

v2.7.0

v2.7.1

v2.7.2

v2.7.5

v2.7.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2517.json"