Free5gc: Security Vulnerabilities
An issue was discovered in the function LocalNode.Sess in free5GC 4.1.0 that allows attackers to cause a denial of service or other unspecified impacts via a crafted header Local SEID in the PFCP Session Modification Request.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2025-12-18
The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID (e.g., 0xFFFFFFFFFFFFFFFF) that causes an integer conversion/underflow in LocalNode.DeleteSess() / LocalNode.Sess() when a uint64 SEID is converted to int and used in index arithmetic. This leads to a negative index into n.sess and a Go runtime panic, resulting in a denial of service (UPF crash). The issue has been reproduced on free5GC v4.1.0 with crashes observed in the session lookup/deletion path in internal/pfcp/node.go; other versions may also be affected. No authentication is required.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2025-12-18
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-11-24
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via a crafted POST request to the Nnssf_NSSAIAvailability API.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2025-11-24
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via a crafted POST request to the Npcf_BDTPolicyControl API.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-11-24
free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from a gNB, the AMF process crashes.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2025-11-12
Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2025-09-23
Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2025-05-29
An issue was discovered in free5GC version 3.3.0 that allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on the AMF component via a crafted NGAP message.
CVSS Score: 7.5 | EPSS Score: 0.031 | Published: 2023-12-22
An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2023-11-16

