amf 缓冲区错误漏洞

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from unknown parts of the NGSetupRequest Handler component, potentially leading to memory corruption...

GHSA-VRRX-58H3-PRMH Free5GC AMF has Missing Concurrent NAS SMC Validation During NGAP Handover

Summary The AMF in Free5GC v4.2.1 does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS...

CVE-2026-41136

free5GC AMF provides Access & Mobility Management Function AMF for free5GC, an an open-source project for 5th generation 5G mobile core networks. Prior to version 1.4.3, the HTTPUEContextTransfer handler in internal/sbi/apicommunication.go does not include a default case in the Content-Type switc...

CVE-2025-69248

Summary (CVE-2025-69248) Affected: free5GC AMF service (versions up to and including 1.4.1). Vulnerability: Buffer overflow in NAS data handling, triggered by a specially crafted NAS Registration Request containing a malformed 5GS Mobile Identity. Impact: Denial of Service to the AMF and, by exte...

CVE-2025-70121

An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method NASMobileIdentity5GS.go when accessing index 5 of ...

GO-2022-1083 Panic on malformed messages in github.com/free5gc/aper

A malformed message can crash the free5gc/amf and free5gc/ngap decoders via an index-out-of-range panic in aper.GetBitString...