free5GC UDM Leaks Sensitive Error Messages to Remote Clients

Summary

The free5GC Unified Data Management (UDM) service in versions up to 1.4.1 may leak internal error messages to remote clients, potentially exposing sensitive information. This could be used to identify the system's implementation and potentially even target attacks. To fix this issue, update to a version of free5GC with the patch.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
free5gc	udm	<= 1.4.1	–

Original title

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leak...

Original description

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages (e.g., strconv.ParseInt parsing errors) to remote clients when processing invalid pduSessionId inputs. This exposes implementation details and can be used for service fingerprinting. All deployments of free5GC using the UDM Nudm_UECM DELETE service may be vulnerable. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.

nvd CVSS3.1 7.5

nvd CVSS4.0 6.6

Vulnerability type

CWE-20 Improper Input Validation

CWE-754

https://github.com/free5gc/free5gc/issues/750 Exploit Issue Tracking Vendor Advisory
https://github.com/free5gc/free5gc/security/advisories/GHSA-6w77-5pqh-83rm Patch Vendor Advisory
https://github.com/free5gc/udm/commit/504b14458d156558b3c0ade7107b86b3d5e72998 Patch
https://github.com/free5gc/udm/pull/76 Issue Tracking Patch