free5GC has improper error handling in NEF with information exposure

free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be affected. free5gc/udr pull request 56 contains a patch for the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch.

N/A

通过错误消息导致的信息暴露

free5GC 安全漏洞

free5GC是free5GC开源的一个第 5 代 (5G) 移动核心网络的开源项目。 free5GC UDR 1.4.1及之前版本存在安全漏洞，该漏洞源于NEF组件泄露内部解析错误详情，可能有助于服务指纹识别。

N/A

N/A