Open5GS Denial-of-Service Vulnerability in PCF Component

Vulnerability

A denial-of-service vulnerability has been identified in Open5GS versions through 2.7.7. The issue arises in the PCF component's sm-policies endpoint, specifically within the pcf_sess_sbi_discover_and_send function. The vulnerability can be exploited remotely, leading to a crash of the PCF process.

Impact

Exploitation of this vulnerability causes the PCF component to crash, disrupting service and requiring a manual restart of the PCF container.

Reproduction

The vulnerability can be reproduced by sending a VPLMN SM Policy Association request that triggers a discovery process with the BSF. If the client disconnects before the discovery response is received, the PCF crashes. This can be done by configuring a fake NRF endpoint that delays responses, sending the SM Policy Association request with a short timeout, and then allowing the delayed response to cause the crash.
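
The sequence described above, as a defensive sketch added here (an example, not Open5GS code and not from the advisory). The page does not state the root cause, so this assumes only that the discovery-response handler must tolerate the client stream being gone; all names (stream_open, stream_close, on_discovery_response) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_STREAMS 4

/* Hypothetical client-stream table; a slot is live while the client is connected. */
typedef struct { uint32_t id; bool live; } stream_t;
static stream_t streams[MAX_STREAMS];
static uint32_t next_id = 1;

/* Accept a client request; returns a never-reused stream id, or 0 if full. */
uint32_t stream_open(void) {
    for (size_t i = 0; i < MAX_STREAMS; i++)
        if (!streams[i].live) {
            streams[i].id = next_id++;
            streams[i].live = true;
            return streams[i].id;
        }
    return 0;
}

static stream_t *stream_find(uint32_t id) {
    for (size_t i = 0; i < MAX_STREAMS; i++)
        if (streams[i].live && streams[i].id == id) return &streams[i];
    return NULL;
}

/* Client disconnected or timed out: release its slot for reuse. */
void stream_close(uint32_t id) {
    stream_t *s = stream_find(id);
    if (s) s->live = false;
}

typedef enum { REPLY_SENT, REPLY_DROPPED_CLIENT_GONE } reply_t;

/* Discovery response handler: the pending request carries the stream id,
 * not a pointer, and a missing stream is an expected outcome, not an abort. */
reply_t on_discovery_response(uint32_t pending_stream_id) {
    stream_t *s = stream_find(pending_stream_id);
    if (s == NULL) return REPLY_DROPPED_CLIENT_GONE;
    return REPLY_SENT; /* a real handler would write the response to s here */
}

int main(void) {
    uint32_t a = stream_open();   /* request arrives, discovery is started */
    stream_close(a);              /* client gives up before discovery completes */
    uint32_t b = stream_open();   /* another client reuses the same slot */
    printf("late=%d live=%d\n", on_discovery_response(a), on_discovery_response(b));
    return 0;
}
```

Because the pending request holds an id that is never reused, a late response for a departed client is dropped even after another client has taken over the same table slot.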

Added: May 10, 2026, 3:18 AM
Updated: May 10, 2026, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.