PT-2023-6922 · Free5Gc · Free5Gc

Tjbdlqo · Published 2023-11-15 · Updated 2023-11-21 · CVE-2023-47345

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

free5gc version 3.3.0

Description

The issue is an improper release of resources in free5gc, software used to deploy fifth-generation (5G) mobile networks. A remote attacker can exploit it with a specially crafted PFCP message, potentially causing a denial of service. Specifically, the vulnerability involves a buffer overflow triggered by a malformed PFCP Heartbeat message in which the Recovery Time Stamp IE length is mutated to zero.

Recommendations

For free5gc version 3.3.0, to prevent the buffer overflow, consider disabling the handling of PFCP Heartbeat messages until a patch is available. Additionally, restrict access to the PFCP interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
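
The length check that the malformed Heartbeat described above fails, as an added example (not free5gc's code and not part of the advisory): a strict validator that walks the IEs of a PFCP Heartbeat and rejects a Recovery Time Stamp IE whose length is not 4. The header layout, message types 1 and 2, IE type 96 and the 4-octet length are taken from 3GPP TS 29.244 rather than from this page; `CheckHeartbeat` and `ErrMalformed` are hypothetical names.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const ieRecoveryTimeStamp, recoveryTSLen = 96, 4 // TS 29.244 values (assumption, not from the page)

var ErrMalformed = errors.New("pfcp: malformed heartbeat")

// CheckHeartbeat (hypothetical helper) validates a PFCP Heartbeat datagram
// and returns its Recovery Time Stamp; callers drop the datagram on error.
func CheckHeartbeat(b []byte) (uint32, error) {
	// 8-octet node header: version 1, S flag clear, type 1 (request) or 2 (response).
	if len(b) < 8 || b[0]>>5 != 1 || b[0]&1 != 0 || (b[1] != 1 && b[1] != 2) {
		return 0, fmt.Errorf("%w: bad header", ErrMalformed)
	}
	if int(binary.BigEndian.Uint16(b[2:4]))+4 != len(b) {
		return 0, fmt.Errorf("%w: length field disagrees with datagram", ErrMalformed)
	}
	ts, seen := uint32(0), false
	for ies := b[8:]; len(ies) > 0; {
		if len(ies) < 4 {
			return 0, fmt.Errorf("%w: truncated IE header", ErrMalformed)
		}
		typ := binary.BigEndian.Uint16(ies[0:2])
		n := int(binary.BigEndian.Uint16(ies[2:4]))
		if n > len(ies)-4 {
			return 0, fmt.Errorf("%w: IE %d overruns datagram", ErrMalformed, typ)
		}
		if typ == ieRecoveryTimeStamp {
			if n != recoveryTSLen { // the zero-length case from the advisory is rejected here
				return 0, fmt.Errorf("%w: Recovery Time Stamp length %d", ErrMalformed, n)
			}
			ts, seen = binary.BigEndian.Uint32(ies[4:8]), true
		}
		ies = ies[4+n:]
	}
	if !seen {
		return 0, fmt.Errorf("%w: no Recovery Time Stamp IE", ErrMalformed)
	}
	return ts, nil
}

func main() { // constructed sample: Recovery Time Stamp IE declares length 0
	_, err := CheckHeartbeat([]byte{0x20, 1, 0, 8, 0, 0, 1, 0, 0, 96, 0, 0})
	fmt.Println(err)
}
```
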

Exploit

Buffer Overflow

Improper Resource Release

Weakness Enumeration

Related identifiers

BDU:2023-07940
CVE-2023-47345
GHSA-6944-6PMV-6MP2

Affected products

Free5Gc