## Vulnerability Key Information ### Vulnerability Description - **Issue**: In UDM's Nudm_SDM GET request, if the `single-nssai` parameter is missing, it incorrectly returns a 500 Internal Server Error. - **Cause**: The handler attempts to deserialize an empty string as JSON without checking whether the parameter exists. ### Trigger Steps 1. Start free5gC using Docker Compose. 2. Identify the IP and port of the UDM component. 3. If OAuth is enabled, obtain a valid Authorization Token for the NudmSDM service. 4. Execute the following command: ``` curl -v -X GET "http://UDM_IP:UDM_PORT/nudm-sdm/v2/fuzzstring/sm-data" -H "Accept: application/json" -H "Authorization: Bearer " ``` ### Expected Behavior - If the parameter is absent, the service should handle the request normally without requiring a `single-nssai` filter. - If the parameter exists but is malformed, it should return a 400 Bad Request status code. - If the parameter exists and is valid, it should appropriately apply the filter and process the request. ### Environment - free5gC Version: v4.0.0 - Operating System: Ubuntu 24.04 Server ### Fix Solution - Implement robust parameter validation for the `single-nssai` query parameter, including checks to verify its existence or validity, to avoid calling `json.Unmarshal` on invalid or missing data. ### Additional Information - Related configuration files, PCAP files, and log files are available for further analysis. - This issue was observed in free5gC v4.0.0 and remains present in the latest version. - The issue has been resolved via pull request #66 and confirmed to fix CVE-2025-60633.