Skip to main content

Suse CVE-2026-33064

HIGH
NULL Pointer Dereference (CWE-476)
2026-03-18 https://github.com/free5gc/udm GHSA-7g27-v5wj-jr75
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 18, 2026 - 20:15 vuln.today
Patch released
Mar 18, 2026 - 20:15 nvd
Patch available
CVE Published
Mar 18, 2026 - 20:06 nvd
HIGH 7.5

DescriptionGitHub Advisory

Impact This is a NULL Pointer Dereference vulnerability leading to Denial of Service.

  • Security Impact: A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequences (../) and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go attempts to access a nil pointer without proper validation, causing a complete service crash with "runtime error: invalid memory address or nil pointer dereference".
  • Functional Impact: The service crashes completely, requiring manual restart. All UDM functionality is disrupted until recovery.
  • Affected Parties: All deployments of free5GC v4.0.1 using the UDM HTTP callback functionality.

Patches Yes, the issue has been patched. The fix is implemented in PR free5gc/udm#78. Users should upgrade to the next release of free5GC that includes this commit.

Workarounds There is no direct workaround at the application level. The recommendation is to apply the provided patch or implement API gateway-level filtering to block requests containing path traversal sequences.

AnalysisAI

A NULL pointer dereference vulnerability in free5GC v4.0.1's UDM (Unified Data Management) service allows remote attackers to crash the service via a crafted POST request to the /sdm-subscriptions endpoint containing path traversal sequences and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go fails to validate pointers before dereferencing, causing complete service disruption requiring manual restart. All deployments of free5GC v4.0.1 utilizing UDM HTTP callback functionality are affected, and a patch is available via PR free5gc/udm#78.

Technical ContextAI

This vulnerability affects the UDM (Unified Data Management) component of free5GC, an open-source 5G core network implementation written in Go (pkg:go/github.com_free5gc_udm). The UDM service handles subscriber data management and registration procedures in 5G networks. The vulnerability is classified as CWE-476 (NULL Pointer Dereference), occurring in the DataChangeNotificationProcedure function within notifier.go when processing HTTP callback subscriptions. When the service receives a malformed request with path traversal sequences (../) to the /sdm-subscriptions endpoint, it attempts to dereference a nil pointer without prior validation, triggering a runtime panic with 'invalid memory address or nil pointer dereference'. This represents a critical flaw in input validation and error handling within the Go-based HTTP request processing logic.

RemediationAI

Upgrade to the next release of free5GC that includes the fix from PR https://github.com/free5gc/udm/pull/78 (commit 65d7070f4bfd016864cbbaefbd506bbc85d2fa92). Organizations unable to immediately upgrade should implement API gateway-level filtering to block HTTP requests containing path traversal sequences (../) directed at the /sdm-subscriptions endpoint. Additional hardening measures include restricting network access to the UDM service to trusted 5G core network components only, implementing rate limiting on the subscription endpoints, and deploying monitoring to detect repeated crash-and-restart patterns indicative of exploitation attempts. Review the vendor security advisory at https://github.com/free5gc/free5gc/security/advisories/GHSA-7g27-v5wj-jr75 for complete guidance.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-33064 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy