GHSA-vgq7-9r5r-j9v3

Source
https://github.com/advisories/GHSA-vgq7-9r5r-j9v3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-vgq7-9r5r-j9v3/GHSA-vgq7-9r5r-j9v3.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-vgq7-9r5r-j9v3
Aliases
Published
2025-11-24T18:31:12Z
Modified
2025-12-03T19:43:23.158786Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Free5GC is vulnerable to DoS through its Npcf_BDTPolicyControl POST API
Details

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via a crafted POST request to the Npcf_BDTPolicyControl API.

Database specific
{
    "github_reviewed": true,
    "nvd_published_at": "2025-11-24T16:15:49Z",
    "github_reviewed_at": "2025-11-25T21:01:13Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-617"
    ]
}
References

Affected packages

Go / github.com/free5gc/pcf

Package

Name
github.com/free5gc/pcf
Purl
pkg:golang/github.com/free5gc/pcf

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.0