free5GC UDR Policy Data Subscription Fail-Open Request Handling Vulnerability

Vulnerability

A fail-open request handling vulnerability has been identified in the free5GC User Data Repository (UDR) service in versions up to and including 1.4.2. The issue arises in the POST handler for the '/nudr-dr/v2/policy-data/subs-to-notify' endpoint, which continues processing the request even after an error occurs while reading or deserializing the request body. This flaw may lead to the unintended creation of Policy Data notification subscriptions from invalid, empty, or partially processed input, depending on how downstream processors handle such data.

Impact

Exploitation of this vulnerability may result in the creation of invalid or unintended Policy Data notification subscriptions, leading to inconsistent request handling and potential disruptions in subscription management.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/nudr-dr/v2/policy-data/subs-to-notify' endpoint with a malformed or incomplete JSON body. The request will be processed despite the input errors, allowing for the creation of a subscription with invalid data.
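The following Go example is added here to illustrate the fail-open pattern described above and its fail-closed counterpart; it is not free5GC code. The `PolicyDataSubscription` struct, the in-memory `SubscriptionStore`, the two handlers and the `Submit` helper are simplified assumptions standing in for the real UDR types and persistence, and the request bodies are constructed test inputs. The fail-open handler logs body-read and decode errors but still stores the zero-valued struct; the fail-closed handler rejects the request with 400 before anything is stored and also checks that required fields are present.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// PolicyDataSubscription is a simplified, hypothetical stand-in for the
// subs-to-notify request body; it is not the free5GC type.
type PolicyDataSubscription struct {
	NotificationUri       string   `json:"notificationUri"`
	MonitoredResourceUris []string `json:"monitoredResourceUris"`
}

// SubscriptionStore is an in-memory stand-in for the UDR backing store.
type SubscriptionStore struct {
	mu   sync.Mutex
	subs []PolicyDataSubscription
}

func (s *SubscriptionStore) Add(sub PolicyDataSubscription) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.subs = append(s.subs, sub)
}

func (s *SubscriptionStore) Len() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return len(s.subs)
}

// FailOpenHandler reproduces the vulnerable pattern: errors from reading or
// decoding the body are only logged, and the (possibly zero-valued)
// subscription is stored anyway.
func FailOpenHandler(store *SubscriptionStore) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var sub PolicyDataSubscription
		body, err := io.ReadAll(r.Body)
		if err != nil {
			log.Printf("read body: %v", err) // logged, but execution continues
		}
		if err := json.Unmarshal(body, &sub); err != nil {
			log.Printf("decode body: %v", err) // logged, but execution continues
		}
		store.Add(sub) // a subscription with empty fields is created
		w.WriteHeader(http.StatusCreated)
	}
}

// FailClosedHandler is the corrected pattern: any read or decode error, and
// any missing required field, rejects the request before anything is stored.
func FailClosedHandler(store *SubscriptionStore) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var sub PolicyDataSubscription
		dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<20)) // bound body size
		dec.DisallowUnknownFields()
		if err := dec.Decode(&sub); err != nil {
			http.Error(w, "invalid request body: "+err.Error(), http.StatusBadRequest)
			return
		}
		if sub.NotificationUri == "" || len(sub.MonitoredResourceUris) == 0 {
			http.Error(w, "notificationUri and monitoredResourceUris are required", http.StatusBadRequest)
			return
		}
		store.Add(sub)
		w.WriteHeader(http.StatusCreated)
	}
}

// Submit posts body to a fresh store via the chosen handler and returns the
// HTTP status and the number of subscriptions stored afterwards.
func Submit(failOpen bool, body string) (status int, stored int) {
	store := &SubscriptionStore{}
	h := FailClosedHandler(store)
	if failOpen {
		h = FailOpenHandler(store)
	}
	req := httptest.NewRequest(http.MethodPost, "/nudr-dr/v2/policy-data/subs-to-notify", strings.NewReader(body))
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, store.Len()
}

func main() {
	// Constructed inputs: a truncated JSON document and an empty body.
	for _, body := range []string{`{"notificationUri":"http://pcf.example/cb","monitoredResourceUris":[`, ``} {
		s1, n1 := Submit(true, body)
		s2, n2 := Submit(false, body)
		fmt.Printf("fail-open: status=%d stored=%d | fail-closed: status=%d stored=%d\n", s1, n1, s2, n2)
	}
}
```

Running `main` shows the fail-open handler answering 201 and storing an empty subscription for both malformed inputs, while the fail-closed handler answers 400 and stores nothing. A detection-side check for the same condition is a count of 201 responses on this endpoint whose stored subscription has an empty `notificationUri`.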

Added: Apr 22, 2026, 12:39 AM
Updated: Apr 22, 2026, 12:39 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.6
remediation: 0.0
relevance: 6.5
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.