Skip to main content

Suse CVE-2026-33192

MEDIUM
Error Message Information Leak (CWE-209)
2026-03-18 https://github.com/free5gc/udm GHSA-5rvc-5cwx-g5x8
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 18, 2026 - 20:15 vuln.today
Patch released
Mar 18, 2026 - 20:15 nvd
Patch available
CVE Published
Mar 18, 2026 - 20:11 nvd
MEDIUM 5.3

DescriptionGitHub Advisory

Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue.

  • Security Impact: The UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter. Additionally, the UDM incorrectly translates the PATCH method to PUT when forwarding to UDR, indicating a deeper architectural issue. This leaks internal error handling behavior and makes it difficult for clients to distinguish between client-side errors and server-side failures.
  • Functional Impact: When a client sends a PATCH request with an empty supi (e.g., double slashes // in URL path), the UDM forwards a PUT request to UDR with the malformed path, which correctly returns 400. However, UDM propagates this as 500 SYSTEM_FAILURE instead of returning the appropriate 400 error to the client. This violates REST API best practices for PATCH operations and may indicate improper HTTP method handling.
  • Affected Parties: All deployments of free5GC v4.0.1 using the UDM Nudm_SDM service with PATCH operations on sdm-subscriptions endpoint.

Patches Yes, the issue has been patched. The fix is implemented in PR free5gc/udm#79. Users should upgrade to the next release of free5GC that includes this commit.

Workarounds There is no direct workaround at the application level. The recommendation is to apply the provided patch or implement API gateway-level validation to reject PATCH requests with empty path parameters before they reach UDM.

AnalysisAI

UDM incorrectly converts client-side errors to server-side errors and mistranslates PATCH requests to PUT when forwarding to UDR, exposing internal error handling behavior that prevents clients from distinguishing between legitimate client errors and actual server failures. An unauthenticated remote attacker can exploit this by sending PATCH requests with malformed parameters to leak information about the service's internal architecture and error handling mechanisms. A patch is available to address this HTTP method translation and improper error handling issue.

Technical ContextAI

This vulnerability affects the free5GC open-source 5G core network implementation, specifically the UDM (User Data Management) component written in Go (CPE: pkg:go/github.com_free5gc_udm). The issue is rooted in CWE-209 (Generation of Error Message Containing Sensitive Information) and involves two architectural problems: improper HTTP method translation (PATCH to PUT) when forwarding requests to the UDR (Unified Data Repository), and incorrect error code mapping that converts client errors (400) into server errors (500). The Nudm_SDM service interface handles subscriber data management operations in 5G networks following 3GPP specifications, where proper REST semantics and error handling are critical for service orchestration and troubleshooting.

RemediationAI

Upgrade to the next release of free5GC that includes the patch from pull request https://github.com/free5gc/udm/pull/79. Users currently on free5GC v4.0.1 should monitor the project's release page at https://github.com/free5gc/free5gc for the patched version. As an interim mitigation, implement API gateway-level validation to reject PATCH requests with empty or malformed path parameters (such as double slashes) before they reach the UDM component. Network segmentation and access control should ensure that only authorized 5G network components can communicate with UDM services. Review the full advisory at https://github.com/advisories/GHSA-5rvc-5cwx-g5x8 for additional context.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-33192 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy