PT-2023-30422 · Free5Gc+2
Tjbdlq
Published: 2023-11-13
Updated: 2023-11-20
CVE-2023-47346
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
free5gc version 3.3.0
UPF version 1.2.0
SMF version 1.2.0
Description
The issue allows attackers to cause a denial of service via crafted PFCP messages. This is a Buffer Overflow vulnerability.
Recommendations
For free5gc version 3.3.0, update to a version that fixes the Buffer Overflow vulnerability.
For UPF version 1.2.0, update to a version that fixes the Buffer Overflow vulnerability.
For SMF version 1.2.0, update to a version that fixes the Buffer Overflow vulnerability.
As a temporary workaround, consider limiting the affected components' exposure to crafted PFCP messages to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Smf
Upf
Free5Gc