Free5Gc · Free5Gc · CVE-2023-47345
**Name of the Vulnerable Software and Affected Versions**
free5gc version 3.3.0
**Description**
The issue concerns improper clearing or release of resources in free5gc, software used to run fifth-generation (5G) mobile networks. A remote attacker can exploit it with a specially crafted PFCP message, potentially causing a denial of service. Specifically, the vulnerability involves a buffer overflow triggered by a malformed PFCP Heartbeat message in which the Recovery Time Stamp IE length is mutated to zero.
**Recommendations**
To prevent the buffer overflow in free5gc version 3.3.0, consider disabling the handling of PFCP Heartbeat messages until a patch is available. Additionally, restrict access to the PFCP interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
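The length check that the malformed Heartbeat described above fails, written as a stand-alone pre-decode validator. This is an added example, not free5gc code and not a patch from the project; the function name `ValidateHeartbeat`, the constants and the sample byte strings are constructed for illustration, and the field layout (message types 1 and 2, IE type 96, 4-octet value) is assumed from 3GPP TS 29.244.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// IE type and fixed value length of Recovery Time Stamp (assumed from 3GPP TS 29.244).
const ieRecoveryTS, recoveryTSLen = 96, 4
// ValidateHeartbeat (hypothetical helper) vets a PFCP Heartbeat before any IE is decoded.
func ValidateHeartbeat(msg []byte) error {
	// Version 1, no SEID; the length field counts octets after the first four.
	if len(msg) < 8 || msg[0]>>5 != 1 || msg[0]&1 != 0 ||
		int(binary.BigEndian.Uint16(msg[2:4])) != len(msg)-4 {
		return errors.New("bad PFCP node-message header or length")
	}
	if msg[1] != 1 && msg[1] != 2 { // Heartbeat Request / Response
		return errors.New("not a heartbeat message")
	}
	seenTS := false
	for body := msg[8:]; len(body) > 0; {
		if len(body) < 4 {
			return errors.New("truncated IE header")
		}
		typ := binary.BigEndian.Uint16(body[0:2])
		n := int(binary.BigEndian.Uint16(body[2:4]))
		if n > len(body)-4 {
			return errors.New("IE length exceeds message")
		}
		if typ == ieRecoveryTS {
			if n != recoveryTSLen { // rejects the zero-length case before the value is read
				return fmt.Errorf("recovery time stamp IE length %d, want %d", n, recoveryTSLen)
			}
			seenTS = true
		}
		body = body[4+n:]
	}
	if !seenTS {
		return errors.New("missing recovery time stamp IE")
	}
	return nil
}

func main() {
	// Constructed samples: a well-formed Heartbeat Request, then one whose IE length is 0.
	fmt.Println(ValidateHeartbeat([]byte{0x20, 1, 0, 12, 0, 0, 1, 0, 0, 96, 0, 4, 0xE8, 0x7A, 0x5C, 0}))
	fmt.Println(ValidateHeartbeat([]byte{0x20, 1, 0, 8, 0, 0, 1, 0, 0, 96, 0, 0}))
}
```

A check of this kind belongs in front of the PFCP decoder, so that a message failing it is dropped and logged instead of parsed.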