Lucene search
K

72 matches found

Snyk
Snyk
added 2026/03/23 6:14 p.m.3 views

Missing Default Case in Switch Statement

Overview Affected versions of this package are vulnerable to Missing Default Case in Switch Statement in the DataChangeNotification process due to a nil pointer dereference. An attacker can cause a panic and disrupt service availability by triggering this process with crafted input. Remediation...

8.7CVSS5.9AI score0.00486EPSS
Exploits1References3
OSV
OSV
added 2026/03/23 6:14 p.m.5 views

GO-2026-4757 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference in github.com/free5gc/udm

free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference in github.com/free5gc/udm...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/20 8:9 a.m.4 views

CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS5.7AI score0.00321EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/20 8:3 a.m.34 views

CVE-2026-33065 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

6.9CVSS0.00282EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 8:0 a.m.13 views

CVE-2026-33064

CVE-2026-33064 (Free5GC UDM) affects Free5GC prior to 1.4.2. A crafted POST to /sdm-subscriptions with path traversal and a large JSON payload can trigger a nil pointer dereference in DataChangeNotificationProcedure (notifier.go), causing the UDM service to panic and crash. Impact is disruption o...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/20 8:0 a.m.6 views

CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS6.3AI score0.00486EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/20 8:0 a.m.4 views

CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 7:54 a.m.2 views

CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.5 views

CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References3
OSV
OSV
added 2026/03/20 12:0 a.m.5 views

UBUNTU-CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.12 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from UDM’s improper handling of PATCH requests with empty supi path parameters. UDM incorrectly converted downstrea...

8.7CVSS6.4AI score0.00321EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of UDM errors; when a downstream error of 400 was converted to an error of 500, it could lea...

6.9CVSS6.4AI score0.00282EPSS
Exploits1References4
OSV
OSV
added 2026/03/20 12:0 a.m.5 views

UBUNTU-CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.3 views

CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References5
OSV
OSV
added 2026/03/18 8:11 p.m.5 views

GHSA-P9HG-PQ3Q-V9GV free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error

Impact This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's NudmSubscriberDataManagement API. This causes URL parsing failure in...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.10 views

CVE-2025-69251

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the ueId parameter, triggering internal URL parsing errors net/url:...

8.7CVSS5.4AI score0.00462EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/24 12:18 a.m.3 views

CVE-2026-27642 free5GC has Improper Input Validation in UDM UEAU Service

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

8.7CVSS5.3AI score0.00506EPSS
Exploits1References4
OSV
OSV
added 2026/02/24 12:18 a.m.7 views

CVE-2026-27642 free5GC has Improper Input Validation in UDM UEAU Service

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

8.7CVSS5.5AI score0.00506EPSS
Exploits1References6
NVD
NVD
added 2026/02/24 12:16 a.m.6 views

CVE-2025-69251

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the ueId parameter, triggering internal URL parsing errors net/url:...

8.7CVSS0.00462EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.9 views

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from null pointer dereferencing, which could allow remote unauthenticated attackers to trigger a service pan...

8.7CVSS5.9AI score0.0051EPSS
Exploits1References4
Rows per page
Query Builder