free5GC has Null Pointer Dereference in UDM, Leading to Service Panic

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.

N/A

空指针解引用

free5GC 代码问题漏洞

free5GC是free5GC开源的一个第 5 代 (5G) 移动核心网络的开源项目。 free5GC 1.4.1及之前版本存在代码问题漏洞，该漏洞源于存在空指针取消引用，可能导致远程未认证攻击者通过发送带有意外ueId的特制PUT请求触发服务恐慌，进而导致UDM服务崩溃。

N/A

N/A