Description
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to an uncaught exception. The attack may be initiated remotely. Upgrading to version 3.2.8 is sufficient to fix this issue. The identifier of the patch is ca1a66fffe282767bb08618af9f848e3b68ea47b. It is suggested to upgrade the affected component. This behavior is related to CVE-2024-37877. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2026-04-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability is located in the rls::DecodeRlsMessage function of UERANSIM’s Radio Link Simulation Layer. Manipulating the pduLength argument causes the function to throw an uncaught exception, which terminates the process. The flaw does not enable arbitrary code execution; it can be used to crash the service. Because the trigger can be supplied remotely, an attacker can interrupt or disrupt network functions that rely on the simulator. The weakness is classified as Uncaught Exception (CWE‑248), and its practical impact is denial of service.
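
The failure mode described above, as an added example that is not UERANSIM's code or its patch: a decoder that trusts a length field and throws, next to a validating decoder and a receive boundary that contains the exception. The frame layout, the 16384-byte cap and all function names are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <stdexcept>
#include <vector>

// Hypothetical frame, constructed for this example (not the real RLS wire format):
// byte 0 = message type, bytes 1..4 = pduLength (big-endian), then the PDU bytes.
struct Frame { uint8_t type; std::vector<uint8_t> pdu; };
constexpr size_t kHeader = 5;
constexpr uint32_t kMaxPdu = 16384; // assumed cap for this sketch

// Trusts pduLength; at() throws std::out_of_range when the claimed length runs
// past the buffer. With no handler up the stack, std::terminate ends the process.
Frame decodeThrowing(const std::vector<uint8_t> &buf) {
    uint32_t len = 0;
    for (size_t i = 1; i < kHeader; i++) len = (len << 8) | buf.at(i);
    Frame f{buf.at(0), {}};
    for (uint32_t i = 0; i < len; i++) f.pdu.push_back(buf.at(kHeader + i));
    return f;
}

// Validates the header and pduLength first; malformed input yields nullopt.
std::optional<Frame> decodeChecked(const std::vector<uint8_t> &buf) {
    if (buf.size() < kHeader) return std::nullopt;
    uint32_t len = 0;
    for (size_t i = 1; i < kHeader; i++) len = (len << 8) | buf[i];
    if (len > kMaxPdu || len != buf.size() - kHeader) return std::nullopt;
    return Frame{buf[0], std::vector<uint8_t>(buf.begin() + kHeader, buf.end())};
}

// Receive boundary: any decoder exception becomes a dropped datagram.
bool receiveContained(const std::vector<uint8_t> &buf) {
    try { decodeThrowing(buf); return true; }
    catch (const std::exception &) { return false; }
}

// Constructed samples: well-formed, and pduLength (256) larger than the 2-byte payload.
const std::vector<uint8_t> kGood = {0x04, 0, 0, 0, 2, 0xAA, 0xBB};
const std::vector<uint8_t> kBadLength = {0x04, 0, 0, 1, 0, 0xAA, 0xBB};

int main() {
    std::printf("checked good=%d bad=%d\n", decodeChecked(kGood).has_value(),
                decodeChecked(kBadLength).has_value());
    std::printf("contained good=%d bad=%d\n", receiveContained(kGood),
                receiveContained(kBadLength));
    return 0;
}
```

Either control alone keeps the process alive on the malformed sample; validating before reading also avoids doing work on data that will be discarded.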

Affected Systems

Vendor aligungr provides UERANSIM, a software suite used for 5G radio network simulation. All releases up to and including 3.2.7 are affected. Version 3.2.8 and later contain the fix, as identified by commit ca1a66fffe282767bb08618af9f848e3b68ea47b. By updating to 3.2.8 you eliminate the code path that can trigger the uncaught exception.

Risk and Exploitability

The CVSS score of 6.9 places the issue in the moderate severity range. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog, so large‑scale exploitation is not currently documented. However, because the flaw is remotely exploitable and can crash the simulator, organizations running UERANSIM for testing and training should consider patching immediately to avoid service disruption.

Generated by OpenCVE AI on April 28, 2026 at 12:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade UERANSIM to version 3.2.8 or later, following the vendor’s release instructions.
  • Rebuild and redeploy your simulator installations to run the updated binaries.
  • If an update is not immediately possible, isolate the UERANSIM host from untrusted networks or disable the Radio Link Simulation Layer until the fix can be applied.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 16:15:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 15:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 09:45:00 +0000

Type: First Time appeared
Values Added: Aligungr; Aligungr ueransim
Type: Vendors & Products
Values Added: Aligungr; Aligungr ueransim

Mon, 27 Apr 2026 22:45:00 +0000

Type: Description
Values Added: A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be initiated remotely. Upgrading to version 3.2.8 is sufficient to fix this issue. The identifier of the patch is ca1a66fffe282767bb08618af9f848e3b68ea47b. It is suggested to upgrade the affected component. This behavior is related to CVE-2024-37877. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Type: Title
Values Added: aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp DecodeRlsMessage uncaught exception
Type: Weaknesses
Values Added: CWE-248
Type: References
Type: Metrics
Values Added:
cvssV2_0 {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}
cvssV3_0 {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}
cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}
cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-28T15:15:00.680Z

Reserved: 2026-04-27T09:56:05.895Z

Link: CVE-2026-7183

Vulnrichment

Updated: 2026-04-28T14:56:43.131Z

NVD

Status: Deferred

Published: 2026-04-27T23:16:03.857

Modified: 2026-04-28T20:27:50.180

Link: CVE-2026-7183

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T13:00:15Z

Weaknesses