4.3
CVE-2026-7708
- EPSS 0.28%
- Veröffentlicht 03.05.2026 22:45:13
- Zuletzt bearbeitet 05.05.2026 19:13:44
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Open5GS UDR subscription.c ogs_dbi_subscription_data denial of service
A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supi_id causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
Open5GS
Version
2.7.0
Status
affected
Version
2.7.1
Status
affected
Version
2.7.2
Status
affected
Version
2.7.3
Status
affected
Version
2.7.4
Status
affected
Version
2.7.5
Status
affected
Version
2.7.6
Status
affected
Version
2.7.7
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.192 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| cna@vuldb.com | 2.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
CWE-404 Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
https://github.com/open5gs/open5gs/
https://vuldb.com/vuln/360884
https://vuldb.com/vuln/360884/cti
https://vuldb.com/submit/805701
https://github.com/open5gs/open5gs/issues/4412