free5GC User Data Repository Improper Error Handling Vulnerability in NEF Component

Vulnerability

A vulnerability exists in the free5GC User Data Repository (UDR) component, in versions through 1.4.1, within the 5G mobile core network framework. The issue arises from improper error handling that leads to information exposure. When the Nnef_PfdManagement service is used and the requested application PFD data is not found, the UDR returns a 404 error. Instead of mapping this to a client-side error, the NEF component attempts to parse the UDR's error response as JSON, fails, and returns a 500 Internal Server Error. This both misrepresents the error state and leaks internal parsing error details to remote clients, potentially aiding service fingerprinting.
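
The pattern described above, as an added illustration that is not free5GC's own code: a response mapper that decodes the UDR body as JSON regardless of status and returns the decoder's error to the client, beside a hardened mapper that checks the status first. The pfdData type, the function names and the plain-text UDR body are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

type pfdData struct{ AppID string `json:"applicationId"` } // hypothetical minimal PFD shape

// udrResponse builds a constructed UDR reply so the example runs offline.
func udrResponse(status int, body string) *http.Response {
	return &http.Response{StatusCode: status, Body: io.NopCloser(strings.NewReader(body))}
}

// vulnerableMap mirrors the flaw: the body is decoded as JSON whatever the status,
// and the decoder's error text becomes the 500 response body sent to the client.
func vulnerableMap(resp *http.Response) (int, string) {
	defer resp.Body.Close()
	var pfd pfdData
	if err := json.NewDecoder(resp.Body).Decode(&pfd); err != nil {
		return http.StatusInternalServerError, err.Error() // leaks internal parser detail
	}
	return http.StatusOK, pfd.AppID
}

// fixedMap checks the UDR status before parsing: 404 stays a client error with a
// fixed message, other non-2xx codes become 502, and only a 2xx body is decoded.
func fixedMap(resp *http.Response) (int, string) {
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusNotFound {
		return http.StatusNotFound, "application PFD not found"
	}
	if resp.StatusCode/100 != 2 {
		return http.StatusBadGateway, "unexpected UDR response"
	}
	var pfd pfdData
	if err := json.NewDecoder(resp.Body).Decode(&pfd); err != nil {
		return http.StatusInternalServerError, "malformed UDR response"
	}
	return http.StatusOK, pfd.AppID
}

func main() {
	notFound := "404 page not found" // constructed plain-text UDR body, not JSON
	fmt.Println(vulnerableMap(udrResponse(http.StatusNotFound, notFound)))
	fmt.Println(fixedMap(udrResponse(http.StatusNotFound, notFound)))
}
```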

Impact

This vulnerability causes the NEF component to return misleading 500 Internal Server Error responses for situations that should be handled as client-side errors, such as 404 Not Found. This misrepresentation can obscure important error boundaries and complicate troubleshooting efforts.

Reproduction

To reproduce this vulnerability, send a GET request to the Nnef_PfdManagement API for an application PFD that does not exist. The UDR will respond with a 404 error, but the NEF component will misinterpret this as a server error, returning a 500 Internal Server Error instead. This can be verified by including the 'supported-features' parameter in the request, which triggers the error handling flaw.

Remediation

Users are advised to upgrade to free5GC version 1.4.2 or later, where this vulnerability has been patched.

Added: Feb 24, 2026, 1:24 AM
Updated: Feb 24, 2026, 1:24 AM

Vulnerability Rating

Custom Algorithm

spread          1.4
impact          0.6
exploitability  8.7
remediation     7.7
relevance       3.1
threat          6.4
urgency         2.9
incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.