CVE-2026-7183

aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp DecodeRlsMessage uncaught exception

Assigner: VulDB
Reserved: 27.04.2026 Published: 27.04.2026 Updated: 27.04.2026

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be initiated remotely. Upgrading to version 3.2.8 is sufficient to fix this issue. The identifier of the patch is ca1a66fffe282767bb08618af9f848e3b68ea47b. It is suggested to upgrade the affected component. This behavior is related to CVE-2024-37877. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 6.9

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.1

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.0

CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C
CVSS Score: 5

Access Vector	Network	Confidentiality Impact	None
Access Complexity	Low	Integrity Impact	None
Authentication	None	Availability Impact	Partial

CVSS 2.0

Product Status

Vendor	aligungr
Product	UERANSIM
Versions	Version 3.2.0 is affected Version 3.2.1 is affected Version 3.2.2 is affected Version 3.2.3 is affected Version 3.2.4 is affected Version 3.2.5 is affected Version 3.2.6 is affected Version 3.2.7 is affected Version 3.2.8 is unaffected

Vendor

aligungr

Product

UERANSIM

Versions

Version 3.2.0 is affected
Version 3.2.1 is affected
Version 3.2.2 is affected
Version 3.2.3 is affected
Version 3.2.4 is affected
Version 3.2.5 is affected
Version 3.2.6 is affected
Version 3.2.7 is affected
Version 3.2.8 is unaffected

Credits

0wln3d (VulDB User) reporter
VulDB CNA Team coordinator

References

Problem Types