free5gc PCF Null Pointer Dereference Vulnerability
Vulnerability
A null pointer dereference vulnerability has been identified in free5gc PCF version 1.4.0. The issue is in the function HandleDeletePoliciesPolAssoId in the file internal/sbi/processor/ampolicy.go. The function does not properly handle the error case in which a policy association ID is not found, which leads to a nil pointer dereference. Additionally, the function incorrectly sends a response body when returning a 204 No Content status, violating HTTP response standards.
Impact
Exploitation of this vulnerability causes a null pointer dereference, which can lead to a program crash or unintended behavior.
Reproduction
To reproduce this vulnerability, send a DELETE request to the PCF's 'npcf-am-policy-control/v1/policies' endpoint with a non-existent policy association ID. The request should include a valid authorization token. The server will respond with a 404 Not Found status, but the logs will show a panic due to the null pointer dereference, indicating that the vulnerability has been successfully exploited.
Remediation
Users can update to free5gc PCF version 1.4.1, where this vulnerability has been fixed.
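The bug class described under "Vulnerability", shown as an added Go example that is not free5gc's code: a delete handler that reports 404 for an unknown ID but keeps executing, next to a hardened form that returns early and sends 204 with an empty body. The `amPolicy` type, the map store, the `assoc-1` entry and all function names are hypothetical, and the missing early return is an assumed shape of the flaw chosen to match the 404-plus-panic behaviour described under "Reproduction".

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// amPolicy and the map store are hypothetical stand-ins, not free5gc types.
type amPolicy struct{ Supi string }
type handler func(http.ResponseWriter, map[string]*amPolicy, string)

// deleteVulnerable answers 404 for an unknown ID but does not return, so the
// nil policy is dereferenced; on success it writes a body after a 204.
func deleteVulnerable(w http.ResponseWriter, s map[string]*amPolicy, id string) {
	p := s[id]
	if p == nil {
		http.Error(w, "polAssoId not found", http.StatusNotFound)
	}
	supi := p.Supi // panics when p is nil
	delete(s, id)
	w.WriteHeader(http.StatusNoContent)
	fmt.Fprint(w, "deleted "+supi)
}

// deleteFixed returns right after the 404 and sends 204 with an empty body.
func deleteFixed(w http.ResponseWriter, s map[string]*amPolicy, id string) {
	if s[id] == nil {
		http.Error(w, "polAssoId not found", http.StatusNotFound)
		return
	}
	delete(s, id)
	w.WriteHeader(http.StatusNoContent)
}

// probe runs h on a fresh constructed store; reports status, body length, panic.
func probe(h handler, id string) (code, bodyLen int, panicked bool) {
	rec := httptest.NewRecorder()
	defer func() {
		panicked = recover() != nil
		code, bodyLen = rec.Code, rec.Body.Len()
	}()
	h(rec, map[string]*amPolicy{"assoc-1": {Supi: "imsi-001"}}, id)
	return
}

func main() {
	fmt.Println(probe(deleteVulnerable, "missing")) // 404 recorded, then panic
	fmt.Println(probe(deleteFixed, "missing"))      // 404, no panic
}
```

A regression test for the fix can assert the same three properties: 404 without a panic for an unknown ID, and 204 with a zero-length body for a known one.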
