Free5gc Buffer Overflow Vulnerability in AMF Component Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in Free5gc version 4.0.1 within the Access and Mobility Management Function (AMF). The issue arises because the AMF improperly validates the 5GS mobile identity, leading to an overflow in the slice reference. This flaw can be exploited by sending crafted NGAP messages, causing the AMF to crash.
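The kind of length check whose absence is described above, as an added Go example (not free5GC's code and not the 4.0.2 fix). It assumes the 5G-GUTI and 5G-S-TMSI layouts of the 5GS mobile identity from 3GPP TS 24.501, section 9.11.3.4; `ParseTMSI` and `ErrMalformedIdentity` are hypothetical names, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Type-of-identity values and fixed content lengths (assumed from TS 24.501, 9.11.3.4).
const (
	typeGUTI  = 0x02
	typeSTMSI = 0x04
	gutiLen   = 11 // type octet + PLMN(3) + AMF region(1) + set/pointer(2) + 5G-TMSI(4)
	stmsiLen  = 7  // type octet + set/pointer(2) + 5G-TMSI(4)
)

// ErrMalformedIdentity is returned instead of letting a bad length reach a slice expression.
var ErrMalformedIdentity = errors.New("malformed 5GS mobile identity")

// ParseTMSI extracts the 5G-TMSI from the contents of a 5GS mobile identity
// (the octets after the length field). Hypothetical helper for illustration.
func ParseTMSI(id []byte) (uint32, error) {
	if len(id) == 0 {
		return 0, fmt.Errorf("%w: empty", ErrMalformedIdentity)
	}
	var want int
	switch id[0] & 0x07 { // low three bits carry the type of identity
	case typeGUTI:
		want = gutiLen
	case typeSTMSI:
		want = stmsiLen
	default:
		return 0, fmt.Errorf("%w: type %d carries no 5G-TMSI", ErrMalformedIdentity, id[0]&0x07)
	}
	// Validate the length before slicing: id[want-4:want] on a short buffer panics
	// with "slice bounds out of range", and an unrecovered panic ends the process.
	if len(id) != want {
		return 0, fmt.Errorf("%w: got %d octets, want %d", ErrMalformedIdentity, len(id), want)
	}
	return binary.BigEndian.Uint32(id[want-4 : want]), nil
}

func main() {
	// Constructed samples: a well-formed 5G-GUTI and the same identity truncated.
	good := []byte{0xf2, 0x02, 0xf8, 0x39, 0xca, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x01}
	fmt.Println(ParseTMSI(good))
	fmt.Println(ParseTMSI(good[:5]))
}
```

Returning an error lets the caller reject the single malformed message while the process keeps serving other UEs.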

Impact

Exploitation of this vulnerability leads to a crash of the AMF component, causing a denial-of-service condition in the 5G core network.

Reproduction

To reproduce this vulnerability, first start the Free5gc 5G core network. Then send an NGAP 'NGSetupRequest' message to the AMF over SCTP. After that, send an NGAP 'InitialUEMessage' message that includes a valid NAS PDU. The AMF will crash upon processing this message.

Remediation

Users can update to Free5gc version 4.0.2, where this vulnerability has been fixed.

Added: Sep 23, 2025, 6:22 PM
Updated: Sep 23, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.