Ohnogood

**Name of the Vulnerable Software and Affected Versions** Free5gc version 4.0.1 **Description** The AMF component contains a buffer overflow issue due to incorrect validation of the 5GS mobile identity, leading to a slice reference overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Free5gc version 4.0.0 **Description** The issue allows a remote attacker to cause a denial of service. It involves components such as AMF, NGAP, security.go, handler generated.go, and specific functions like `handleInitialUEMessageMain`, `DecodePlainNasNoIntegrityCheck`, and `GetSecurityHeaderType`. **Recommendations** For Free5gc version 4.0.0, consider disabling the `handleInitialUEMessageMain` function or restricting access to the NGAP and AMF components until a patch is available. Additionally, avoid using the `DecodePlainNasNoIntegrityCheck` and `GetSecurityHeaderType` functions in the affected components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.