Skip to content

Commit 69e941b

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-9g9c-c6jm-98g4 GHSA-xm92-8fcx-x654
1 parent d68e9d1 commit 69e941b

File tree

2 files changed

+120
-0
lines changed

2 files changed

+120
-0
lines changed

advisories/unreviewed/2026/01/GHSA-9g9c-c6jm-98g4/GHSA-9g9c-c6jm-98g4.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9g9c-c6jm-98g4",
4+
"modified": "2026-01-19T00:30:14Z",
5+
"published": "2026-01-19T00:30:14Z",
6+
"aliases": [
7+
"CVE-2025-15539"
8+
],
9+
"details": "A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: b4707272c1caf6a7d4dca905694ea55557a0545f. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15539"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/open5gs/open5gs/issues/4230"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/open5gs/open5gs/issues/4230#issue-3774173079"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/open5gs/open5gs/commit/b4707272c1caf6a7d4dca905694ea55557a0545f"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?ctiid.341732"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?id.341732"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.735339"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-404"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-01-19T00:15:47Z"
59+
}
60+
}

advisories/unreviewed/2026/01/GHSA-xm92-8fcx-x654/GHSA-xm92-8fcx-x654.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-xm92-8fcx-x654",
4+
"modified": "2026-01-19T00:30:14Z",
5+
"published": "2026-01-19T00:30:14Z",
6+
"aliases": [
7+
"CVE-2025-15538"
8+
],
9+
"details": "A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15538"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/assimp/assimp/issues/6258"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/assimp/assimp/issues/6258#issuecomment-3070999530"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/user-attachments/files/21216542/assimp_poc10.zip"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?ctiid.341727"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?id.341727"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.735232"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-119"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-01-18T23:15:47Z"
59+
}
60+
}

0 commit comments

Comments
 (0)