The vulnerability is a denial of service in the Npcf_BDTPolicyControl API of the Free5GC PCF. Analysis of the provided pull request and its commits reveals two points of failure that were patched.
The primary vulnerable function is Processor.HandleCreateBDTPolicyContextRequest, located in internal/sbi/processor/bdtpolicy.go. The vulnerability stems from an unsafe type assertion on the incoming request message: a crafted POST request whose body does not have the expected type causes the assertion to fail, which triggers a panic and crashes the service. The patch replaces the unsafe assertion with a safer two-step process of performing the type assertion and then taking the address of the result.
A secondary, related vulnerability was found in the nudrService.CreateBdtData function in internal/sbi/consumer/udr_service.go. This function was susceptible to a nil pointer dereference when building a request to the UDR (Unified Data Repository), which could likewise cause a panic and a denial of service. The fix ensures that the BdtReferenceId is populated before the request is constructed.
Both functions are part of the processing logic for BDT (Background Data Transfer) policies and could be triggered by a malicious actor sending a crafted request to the Npcf_BDTPolicyControl endpoint, leading to a denial of service.
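The two failure modes described above, shown side by side in an added Go example that is not code from the free5gc project. The type names (BdtReqData, BdtData), the handler and consumer function names, the UDR resource path and the comma-ok assertion used as the hardened form are all assumptions made for illustration; the project's actual models and the exact shape of its patch are not reproduced here. The unsafe variants panic in-process (caught by a small recover helper so the demonstration does not take the program down), while the hardened variants return a 400 response or an error instead.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// BdtReqData is a hypothetical stand-in for the BDT policy request model;
// it is not the free5gc models type.
type BdtReqData struct {
	AspId          string
	BdtReferenceId string
}

// BdtData is a hypothetical stand-in for the record the UDR consumer sends.
// BdtRefId is a pointer so that a field that was never populated is nil.
type BdtData struct {
	BdtRefId *string
	AspId    string
}

// Response is a minimal stand-in for an SBI HTTP response.
type Response struct {
	Status int
	Body   string
}

// handleCreateBDTPolicyContextUnsafe reproduces the first failure mode: a
// single-value type assertion on the decoded request message. Any message
// that is not a *BdtReqData (including a nil interface) makes the assertion
// panic, and an unrecovered panic takes the whole service down.
func handleCreateBDTPolicyContextUnsafe(msg interface{}) Response {
	req := msg.(*BdtReqData) // panics on any other dynamic type
	return Response{Status: http.StatusCreated, Body: "created " + req.BdtReferenceId}
}

// handleCreateBDTPolicyContextSafe uses the comma-ok form of the assertion and
// turns an unexpected body into a 400 instead of a crash (assumed hardening,
// not necessarily the exact form of the project's patch).
func handleCreateBDTPolicyContextSafe(msg interface{}) Response {
	req, ok := msg.(*BdtReqData)
	if !ok || req == nil {
		return Response{Status: http.StatusBadRequest, Body: "malformed BDT policy request body"}
	}
	if req.AspId == "" {
		return Response{Status: http.StatusBadRequest, Body: "aspId is required"}
	}
	return Response{Status: http.StatusCreated, Body: "created " + req.BdtReferenceId}
}

// udrBdtDataPathUnsafe reproduces the second failure mode: it assumes the
// reference id was populated upstream and dereferences it unconditionally.
// The path prefix is illustrative, not taken from the project.
func udrBdtDataPathUnsafe(data *BdtData) string {
	return "/nudr-dr/v1/policy-data/bdt-data/" + *data.BdtRefId // panics when nil
}

// udrBdtDataPathSafe validates the reference id before using it and reports
// the problem as an error the caller can map to a problem-details reply.
func udrBdtDataPathSafe(data *BdtData) (string, error) {
	if data == nil || data.BdtRefId == nil || *data.BdtRefId == "" {
		return "", errors.New("BdtReferenceId not populated; refusing to build UDR request")
	}
	return "/nudr-dr/v1/policy-data/bdt-data/" + *data.BdtRefId, nil
}

// panics runs fn and reports whether it panicked, so the crash can be shown
// in-process without killing the program.
func panics(fn func()) (panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	fn()
	return false
}

func main() {
	// Constructed inputs: a body that decoded into a generic map rather than
	// *BdtReqData, and a record whose reference id was never filled in.
	badBody := map[string]interface{}{"aspId": "asp-1"}
	fmt.Println("unsafe handler panics on generic map:", panics(func() { handleCreateBDTPolicyContextUnsafe(badBody) }))
	fmt.Println("safe handler status:", handleCreateBDTPolicyContextSafe(badBody).Status)

	unset := &BdtData{AspId: "asp-1"}
	fmt.Println("unsafe UDR path panics on nil id:", panics(func() { udrBdtDataPathUnsafe(unset) }))
	if _, err := udrBdtDataPathSafe(unset); err != nil {
		fmt.Println("safe UDR path error:", err)
	}
}
```

The defensive point in both cases is the same: data that arrives over the SBI, or that is assembled from it, must be validated at the boundary, and a malformed message must produce a 4xx response rather than a panic, because a single unrecovered panic in a network function is a one-request denial of service.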
Affected functions:

- `Processor.HandleCreateBDTPolicyContextRequest` in `internal/sbi/processor/bdtpolicy.go`
- `nudrService.CreateBdtData` in `internal/sbi/consumer/udr_service.go`
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/free5gc/pcf | go | < 1.4.0 | 1.4.0 |