Free5GC · CVE-2026-33191
**Name of the Vulnerable Software and Affected Versions**
Free5GC versions prior to 1.4.2
**Description**
Free5GC is an open-source 5G mobile core network project. Versions prior to 1.4.2 are susceptible to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as `%00`) into the `supi` path parameter of the UDM's `Nudm_SubscriberDataManagement` API. When the `supi` parameter includes null characters, the UDM attempts to construct a URL for UDR containing these characters. Go's `net/url` parser rejects them, so the request fails with a 500 Internal Server Error. This can be exploited to launch denial of service attacks. The affected API endpoint is `/nudm-sdm/v2/{supi}/am-data`.
**Recommendations**
Upgrade to Free5GC version 1.4.2 or later.
As a temporary workaround, implement API gateway-level validation to reject requests containing null bytes in path parameters before they reach UDM.
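
One way to implement the gateway-level check, shown as an added example that is not Free5GC code. It assumes the gateway is a Go HTTP handler chain in front of UDM; the names `hasNullByte`, `RejectNullBytePath` and `statusFor`, the 400 response, the sample SUPI values and the `udr.invalid` host are all constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// hasNullByte reports whether a request path carries a NUL byte, either
// already decoded (u.Path) or still percent-encoded (%00).
func hasNullByte(u *url.URL) bool {
	return strings.ContainsRune(u.Path, 0) ||
		strings.Contains(u.EscapedPath(), "%00")
}

// RejectNullBytePath answers 400 Bad Request instead of forwarding such a
// request to the upstream handler (the UDM, in the advisory's scenario).
func RejectNullBytePath(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if hasNullByte(r.URL) {
			http.Error(w, "invalid character in path", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a GET for target through the filter and returns the status.
// The upstream stub stands in for UDM and always answers 200.
func statusFor(target string) int {
	upstream := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, target, nil)
	RejectNullBytePath(upstream).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed sample SUPI values, not taken from the advisory.
	fmt.Println(statusFor("/nudm-sdm/v2/imsi-208930000000001/am-data")) // 200
	fmt.Println(statusFor("/nudm-sdm/v2/imsi-20893%00000001/am-data"))  // 400
	// Without the filter: net/url rejects a URL built from the decoded value.
	_, err := url.Parse("http://udr.invalid/" + "imsi-20893\x00000001")
	fmt.Println(err)
}
```

The filter checks both the decoded and the escaped form of the path because Go's server decodes `%00` into a raw NUL in `r.URL.Path` before any handler runs.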