BugZero | Palo Alto Networks BugID PAN-139718 - Fixed an issue where the firewall failed stateful ...

Palo Alto Networks - Defect ID: PAN-139718

Fixed an issue where the firewall failed stateful inspection for GTP forward relocation requests greater than 1,500 bytes and could not parse Access Point Name (APN) information in forward relocation requests.

Palo Alto Networks - Defect ID: PAN-139718

Fixed an issue where the firewall failed stateful inspection for GTP forward relocation requests greater than 1,500 bytes and could not parse Access Point Name (APN) information in forward relocation requests.

Last updated on Invalid date

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

The earliest recollection of this bug is traced back to PAN-OS 9.1.3 - July 22, 2025. This bug is fixed in PAN-OS versions 9.1.3. Fixed an issue where the firewall failed stateful inspection for GTP forward relocation requests greater than 1,500 bytes and could not parse Access Point Name (APN) information in forward relocation requests. For more information: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-3-addressed-issues

Change history

No changes to display

Top Palo Alto Networks Defects

6.5Defect ID: PAN-251895
Fixed an issue where enabling inline Cloud Analysis features caused a slow packet buffer leak, which resulted in performance issues and dropped traffic.
6.3Defect ID: PAN-294770
( Firewalls in active/passive HA configurations ) Fixed an issue on firewalls where, after failover, certain subnets were missing from the Link State Database, which prevented OSPF routes from being immediately learned due to a Type-7 to Type-5 LSA translation conflict in the ABR when the same LSA was advertised by two peers in the NSSA area.
6.3Defect ID: PAN-276795
Fixed an issue where the GlobalProtect client displayed an error message when you clicked Check Now and Preferred Releases and Base Releases were unchecked ( Device > Software ).
6.3Defect ID: PAN-297295
( VM-Series firewalls in Microsoft Azure environments only ) Fixed an issue where the firewall repeatedly restarted due to high packet rates on the synthetic path in DPDK mode.
6.3Defect ID: PAN-289383
( PA-800 series firewalls only ) Upgrading firewalls to PAN-OS 11.0 or later causes SFP ports to go non-operational when the firewall uses forced port mode and the connected peer device operates without auto-negotiation. Workaround: Enable auto-negotiation on the connected peer firewall.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-139718

Fixed an issue where the firewall failed stateful inspection for GTP forward relocation requests greater than 1,500 bytes and could not parse Access Point Name (APN) information in forward relocation requests.

Palo Alto Networks - Defect ID: PAN-139718

Fixed an issue where the firewall failed stateful inspection for GTP forward relocation requests greater than 1,500 bytes and could not parse Access Point Name (APN) information in forward relocation requests.

Last updated on Invalid date

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium