CVE-2026-33064

Severity: HIGH (CVSS 3.1 base score 7.5)
Published: 2026-03-18
Affected project: https://github.com/free5gc/udm
Advisory: GHSA-7g27-v5wj-jr75

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 18, 2026 - 20:15 (vuln.today)
Patch Released: Mar 18, 2026 - 20:15 (nvd) - patch available
CVE Published: Mar 18, 2026 - 20:06 (nvd)

Description

**Impact**

This is a NULL pointer dereference vulnerability leading to denial of service.

- **Security Impact**: A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the `/sdm-subscriptions` endpoint with a malformed URL path containing path traversal sequences (`../`) and a large JSON payload. The `DataChangeNotificationProcedure` function in `notifier.go` dereferences a nil pointer without first validating it; the resulting Go runtime panic ("runtime error: invalid memory address or nil pointer dereference") takes down the whole service.
- **Functional Impact**: The service crashes completely and requires a manual restart. All UDM functionality is disrupted until recovery.
- **Affected Parties**: All deployments of free5GC v4.0.1 using the UDM HTTP callback functionality.

**Patches**

Yes, the issue has been patched. The fix is implemented in PR free5gc/udm#78. Users should upgrade to the next release of free5GC that includes this commit.

**Workarounds**

There is no direct workaround at the application level. The recommendation is to apply the provided patch or to implement API gateway-level filtering that blocks requests containing path traversal sequences.
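The gateway-level filtering that the Workarounds section recommends, written here as an added Go example that is not free5GC's own code: an `net/http` middleware that rejects, before routing, any request whose raw path contains a `..` segment, whether literal or percent-encoded (single decoding only). It is a stop-gap in front of the UDM, not a replacement for the vendor patch, which fixes the nil-pointer check itself; the function names and the sample paths are hypothetical.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// hasTraversal reports whether a request path contains a ".." segment.
// It checks the raw path and its percent-decoded form (one decode pass),
// so an encoded "%2e%2e" does not slip past a literal comparison.
func hasTraversal(rawPath string) bool {
	forms := []string{rawPath}
	if dec, err := url.PathUnescape(rawPath); err == nil && dec != rawPath {
		forms = append(forms, dec)
	}
	for _, p := range forms {
		for _, seg := range strings.Split(p, "/") {
			if seg == ".." {
				return true
			}
		}
	}
	return false
}

// RejectTraversal is the gateway filter (hypothetical name): a request whose
// path carries a traversal segment gets 400 and never reaches the UDM router.
func RejectTraversal(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if hasTraversal(r.URL.EscapedPath()) {
			http.Error(w, "invalid request path", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// filteredStatus runs a constructed in-memory request through the filter in
// front of a stub "always 200" handler and returns the resulting status code.
func filteredStatus(method, target string) int {
	stub := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	rec := httptest.NewRecorder()
	RejectTraversal(stub).ServeHTTP(rec, httptest.NewRequest(method, target, nil))
	return rec.Code
}
```

Because the check runs on the escaped path before any cleaning, a double-encoded sequence is still passed through; a deployment that expects such traffic should decode iteratively or reject any percent-encoded dot.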

Analysis

A NULL pointer dereference vulnerability in free5GC v4.0.1's UDM (Unified Data Management) service allows remote attackers to crash the service via a crafted POST request to the /sdm-subscriptions endpoint containing path traversal sequences and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go fails to validate pointers before dereferencing, causing complete service disruption requiring manual restart. …


Remediation

Within 24 hours: Identify all free5GC v4.0.1 deployments with UDM HTTP callback enabled and assess exposure to untrusted network traffic. Within 7 days: Apply vendor patch via PR free5gc/udm#78 to all affected UDM instances, with testing in non-production environments first. …


Priority Score: 38 (scale: Low / Medium / High / Critical)

KEV: 0
EPSS: +0.2
CVSS: +38
POC: 0
