Miggo Logo
Miggo Vulnerability Database
CVE-2023-47345

CVE-2023-47345: free5gc Buffer Overflow vulnerability

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-47345
GHSA ID
GHSA-6944-6pmv-6mp2
EPSS Score
0.4789%
CWE
CWE-120
Published
11/16/2023
Updated
11/21/2023
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/free5gc/free5gcgo<= 3.3.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The stack trace shows a panic in ParseMultiIEs (ie.go:637) during HeartbeatRequest processing. The error 'slice bounds out of range [6:4]' indicates improper buffer slicing based on attacker-controlled length values. The HeartbeatRequest's UnmarshalBinary method (heartbeat-request.go:101) propagates untrusted input to ParseMultiIEs without sufficient validation. These functions form the critical path where malformed IE length handling leads to buffer overflow.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*u***r Ov*r*low vuln*r**ility in *r***** *.*.* *llows *tt**k*rs to **us* * **ni*l o* s*rvi** vi* *r**t** P**P m*ss*** wit* m*l*orm** P**P ***rt***t m*ss*** w*os* R**ov*ry Tim* St*mp I* l*n*t* is mut*t** to z*ro.

Reasoning

T** st**k tr*** s*ows * p*ni* in `P*rs*MultiI*s` (i*.*o:***) *urin* `***rt***tR*qu*st` pro**ssin*. T** *rror 'sli** *oun*s out o* r*n** [*:*]' in*i**t*s improp*r *u***r sli*in* **s** on *tt**k*r-*ontroll** l*n*t* v*lu*s. T** `***rt***tR*qu*st`'s `Unm