Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter. Additionally, the UDM incorrectly translates the PATCH method to PUT when forwarding to UDR, indicating a deeper architectural issue.
This leaks internal error handling behavior, making it difficult for clients to distinguish between client-side errors and server-side failures. The issue has been patched in version 1.4.2.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Free5gc Udm
cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*
|
— |
1.4.2
|
References 3
https://github.com/free5gc/free5gc/security/advisories/GHSA-5rvc-5cwx-g5x8
https://github.com/free5gc/free5gc/security/advisories/GHSA-5rvc-5cwx-g5x8
https://github.com/free5gc/free5gc/issues/784
https://github.com/free5gc/free5gc/issues/784
https://github.com/free5gc/udm/pull/79
https://github.com/free5gc/udm/pull/79