CVE-2022-43677

Name of the Vulnerable Software and Affected Versions free5GC version 3.2.1

Description The issue is related to a malformed NGAP message that can cause the AMF and NGAP decoders to crash due to an index-out-of-range panic in the aper.GetBitString function. This can lead to a denial of service. The vulnerability is associated with incorrect resource cleanup or deallocation in the NGAP Message Handler component of the free5GC software.

Recommendations For free5GC version 3.2.1, consider disabling the aper.GetBitString function as a temporary workaround to prevent the crash of the AMF and NGAP decoders until a patch is available. Restrict access to the NGAP Message Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.