Free5gc

Udm

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-33064

Exploit
  • EPSS 0.2%
  • Veröffentlicht 20.03.2026 08:16:12
  • Zuletzt bearbeitet 23.03.2026 18:43:25

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cau...

5.3

CVE-2026-33065

Exploit
  • EPSS 0.03%
  • Veröffentlicht 20.03.2026 08:16:12
  • Zuletzt bearbeitet 23.03.2026 18:32:57

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling DELETE re...

8.6

CVE-2026-33191

  • EPSS 0.18%
  • Veröffentlicht 20.03.2026 08:16:12
  • Zuletzt bearbeitet 23.03.2026 18:24:15

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as %00) into t...

5.3

CVE-2026-33192

Exploit
  • EPSS 0.01%
  • Veröffentlicht 20.03.2026 08:09:07
  • Zuletzt bearbeitet 23.03.2026 18:32:46

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH req...

7.5

CVE-2026-27642

Exploit
  • EPSS 0.09%
  • Veröffentlicht 24.02.2026 00:18:56
  • Zuletzt bearbeitet 25.02.2026 16:44:26

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the supi param...

7.5

CVE-2025-69252

Exploit
  • EPSS 0.5%
  • Veröffentlicht 23.02.2026 23:56:55
  • Zuletzt bearbeitet 25.02.2026 16:46:15

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers ca...

5.3

CVE-2025-69251

Exploit
  • EPSS 0.09%
  • Veröffentlicht 23.02.2026 23:53:03
  • Zuletzt bearbeitet 25.02.2026 16:46:00

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the ueId param...

7.5

CVE-2025-69250

Exploit
  • EPSS 0.16%
  • Veröffentlicht 23.02.2026 23:45:02
  • Zuletzt bearbeitet 25.02.2026 16:45:38

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages (e.g., strconv.Par...

7.5

CVE-2023-46324

  • EPSS 0.07%
  • Veröffentlicht 23.10.2023 01:15:07
  • Zuletzt bearbeitet 21.11.2024 08:28:18

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the U...