free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the `/nudr-dr/v2/policy-data/subs-to-notify` POST handler to continue processing requests even after request body retrieval or deserialization errors. This may allow unintended creation of Policy Data notification subscriptions with invalid, empty, or partially processed input, depending on downstream processor behavior. As of time of publication, a patched version is not available.

N/A

对因果或异常条件的不恰当检查

free5GC 代码问题漏洞

free5GC是free5GC开源的一个第 5 代 (5G) 移动核心网络的开源项目。 free5GC 1.4.2及之前版本存在代码问题漏洞，该漏洞源于UDR服务中存在开放式失败请求处理缺陷，导致POST处理程序即使在请求体检索或反序列化错误后仍继续处理请求，可能允许使用无效、空或部分处理的输入创建策略数据通知订阅。

N/A

N/A