free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service.
All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service
CVSS Vector v4.0
Weakness Type (CWE)
References 4
https://github.com/free5gc/free5gc/issues/752
security-advisories@github.com
https://github.com/free5gc/free5gc/security/advisories/GHSA-v8cv-qvf6-9rpm
security-advisories@github.com
https://github.com/free5gc/udm/commit/504b14458d156558b3c0ade7107b86b3d5e72998
security-advisories@github.com
https://github.com/free5gc/udm/pull/76
security-advisories@github.com