
5G Network Component Fails Due to Malicious Data

CVE-2025-69247
Summary

Versions of free5GC's go-upf component prior to 1.2.8 are vulnerable to a critical issue that can cause a 5G network component to crash if it receives specially crafted data. This can lead to a service disruption for all connected users and potentially cause further problems in the network. Upgrade to version 1.2.8 or later to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
free5gc | go-upf | <= 1.2.8 | –
Original title
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability...
Original description
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially crafted PFCP Session Modification Request with an invalid SDF Filter length field. This causes a heap buffer overflow, resulting in complete service disruption for all connected UEs and potential cascading failures affecting the SMF. All deployments of free5GC using the UPF component may be affected. Version 1.2.8 of go-upf contains a fix.
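The defensive pattern for the length field described above, as an added example: this is not go-upf's code or its 1.2.8 fix. The SDF Filter value layout (flags octet, spare octet, 2-octet Flow Description length, then optional fixed-size fields) is assumed from 3GPP TS 29.244 and is not given on this page; `ParseFlowDescription`, `ErrTruncated`, `fixedFields` and the sample bytes are hypothetical and constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrTruncated = errors.New("sdf filter: declared length exceeds IE payload")

// Optional fixed-size fields after the Flow Description, in wire order
// (assumed layout: flag bit in octet 1, field size in octets).
var fixedFields = []struct {
	bit  byte
	size int
}{{0x02, 2}, {0x04, 4}, {0x08, 3}, {0x10, 4}} // TTC, SPI, FL, BID

// ParseFlowDescription checks every declared length against the bytes
// actually received before slicing, and returns the Flow Description.
func ParseFlowDescription(v []byte) (string, error) {
	if len(v) < 2 { // flags octet + spare octet
		return "", ErrTruncated
	}
	flags, rest, fd := v[0], v[2:], ""
	if flags&0x01 != 0 { // FD: Flow Description present
		if len(rest) < 2 {
			return "", ErrTruncated
		}
		n := int(binary.BigEndian.Uint16(rest))
		if rest = rest[2:]; n > len(rest) { // length field larger than payload
			return "", ErrTruncated
		}
		fd, rest = string(rest[:n]), rest[n:]
	}
	for _, f := range fixedFields {
		if flags&f.bit != 0 {
			if len(rest) < f.size {
				return "", ErrTruncated
			}
			rest = rest[f.size:]
		}
	}
	return fd, nil
}

func main() {
	// Constructed samples: a consistent length, then a length far beyond the payload.
	fmt.Println(ParseFlowDescription([]byte{0x01, 0x00, 0x00, 0x03, 'a', 'b', 'c'}))
	fmt.Println(ParseFlowDescription([]byte{0x01, 0x00, 0xff, 0xff, 'a'}))
}
```

Rejecting the whole IE with an error, rather than clamping the length, lets the caller answer the request with a PFCP error cause instead of processing a partially parsed filter.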
nvd CVSS3.1 7.5
nvd CVSS4.0 2.7
Vulnerability type
CWE-122 Heap-based Buffer Overflow
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026