How severe is CVE-2022-39063?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-39063?

This is classified as CWE-676, which is a common weakness in software security.

CVE-2022-39063 - HIGH Severity | CVSS 7.5

Vulnerability Description

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without checking the maximum length. If the pdi.local_f_teid.len exceeds the maximum length of the struct of f_teid, the memcpy() overwrites the fields (e.g., f_teid_len) after f_teid in the pdr struct. After parsing the request, the UPF starts to build a response. The f_teid_len with its overwritten value is used as a length for memcpy(). A segmentation fault occurs, as a result of a memcpy(), if this overwritten value is large enough.

Related Vulnerabilities

CVE-2021-27474

HIGH

CVSS:7.5(High)

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attack...

CWE-6762021

CVE-2024-38434

MEDIUM

CVSS:6.5(Medium)

Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass

CWE-6762024

CVE-2021-27474

HIGH

CVSS:7.5(High)

CWE-6762021

CVE-2024-38434

MEDIUM

CVSS:6.5(Medium)

Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass

CWE-6762024

CVE-2024-50307

MEDIUM

CVSS:5.5(Medium)

Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file ma...

CWE-6762024

CVE-2024-37387

MEDIUM

CVSS:4.0(Medium)

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be altered.

CWE-6762024