Description
A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue.
References (8)
Core 8
Core References
Signature, Permissions Required signature
permissions-required
VDB-354735 | CTI Indicators (IOB, IOC)
https://vuldb.com/vuln/354735/cti
Third Party Advisory third-party-advisory
Submit #781573 | Linux Foundation free5GC 4.2.0 Type Confusion
https://vuldb.com/submit/781573
Issue Tracking issue-tracking
https://github.com/free5gc/free5gc/issues/831
Patch issue-tracking
patch
https://github.com/free5gc/aper/pull/11
Exploit exploit
issue-tracking
https://github.com/free5gc/free5gc/issues/831#issue-3996453112
Product product
https://github.com/free5gc/free5gc/
Scores
CVSS v3
3.7
EPSS
0.0043
EPSS Percentile
33.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-843
Status
published
Products (2)
None/Free5GC
4.2.0
free5gc/free5gc
4.2.0
Published
Apr 02, 2026
Tracked Since
Apr 02, 2026