Smf
Monthly
free5GC SMF versions up to 1.4.1 crash when receiving malformed PFCP SessionReportRequest packets on UDP port 8805, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no official patch is currently available, requiring organizations to implement network-level mitigations such as ACL restrictions or PFCP message inspection.
free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the UDP/8805 interface, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no upstream patch is currently available. Organizations running affected SMF instances should restrict PFCP interface access to trusted UPF nodes and implement network-level filtering of malformed requests.
free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the PFCP interface, allowing unauthenticated remote attackers to cause denial of service via nil pointer dereference. Public exploit code exists for this vulnerability and no upstream patch is currently available. Network operators should restrict PFCP interface access to trusted UPF sources and consider implementing message validation at network boundaries.
free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]
free5GC SMF versions up to 1.4.1 crash when receiving malformed PFCP SessionReportRequest packets on UDP port 8805, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no official patch is currently available, requiring organizations to implement network-level mitigations such as ACL restrictions or PFCP message inspection.
free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the UDP/8805 interface, allowing unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and no upstream patch is currently available. Organizations running affected SMF instances should restrict PFCP interface access to trusted UPF nodes and implement network-level filtering of malformed requests.
free5GC SMF versions up to 1.4.1 crash when processing malformed PFCP SessionReportRequest messages on the PFCP interface, allowing unauthenticated remote attackers to cause denial of service via nil pointer dereference. Public exploit code exists for this vulnerability and no upstream patch is currently available. Network operators should restrict PFCP interface access to trusted UPF sources and consider implementing message validation at network boundaries.
free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]