漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
free5GC AMF missing default case in Content-Type switch in HTTPUEContextTransfer
Vulnerability Description
free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default` case in the `Content-Type` switch statement. When a request arrives with an unsupported `Content-Type`, the deserialization step is silently skipped, `err` remains `nil`, and the processor is invoked with a completely uninitialized `UeContextTransferRequest` object. Version 1.4.3 contains a fix.
CVSS Information
N/A
Vulnerability Type
预期行为违背
Vulnerability Title
free5GC 安全漏洞
Vulnerability Description
free5GC是free5GC开源的一个第 5 代 (5G) 移动核心网络的开源项目。 free5GC 1.4.3之前版本存在安全漏洞,该漏洞源于HTTPUEContextTransfer处理程序在Content-Type switch语句中缺少default情况,当请求包含不受支持的Content-Type时,可能导致使用未初始化的UeContextTransferRequest对象。
CVSS Information
N/A
Vulnerability Type
N/A