CVE-2026-10114

Exploit

EPSS 0.28%
Veröffentlicht 30.05.2026 10:00:09
Zuletzt bearbeitet 02.06.2026 03:16:15
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Open5GS Shared NF-profile nnrf-handler.c handle_scp_info out-of-bounds write

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. To fix this issue, it is recommended to deploy a patch.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 8

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt Open5GS

Version 2.7.0

Status affected

Version 2.7.1

Status affected

Version 2.7.2

Status affected

Version 2.7.3

Status affected

Version 2.7.4

Status affected

Version 2.7.5

Status affected

Version 2.7.6

Status affected

Version 2.7.7

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.192

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/open5gs/open5gs/

https://vuldb.com/vuln/367292

https://vuldb.com/vuln/367292/cti

https://vuldb.com/submit/818582

https://github.com/open5gs/open5gs/issues/4468

https://nvd.nist.gov/vuln/detail/CVE-2026-10114

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-10114

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-10114

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-10114