CVE-2023-47346

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in free5gc's UPF and SMF components allows attackers to cause denial of service by sending specially crafted PFCP messages. This affects organizations running vulnerable versions of free5gc, particularly those with internet-facing 5G core network functions.

💻 Affected Systems

Products:
  • free5gc UPF
  • free5gc SMF
Versions: UPF 1.2.0, SMF 1.2.0, free5gc 3.3.0
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects deployments using the vulnerable PFCP message handling implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of 5G core network functions leading to widespread connectivity loss for mobile users.

🟠 Likely Case

Targeted denial of service against specific network functions causing localized service degradation.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring in place.

🌐 Internet-Facing: HIGH - PFCP messages can be sent from external networks if UPF/SMF interfaces are exposed.
🏢 Internal Only: MEDIUM - Requires access to internal network but could be exploited by compromised devices or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting valid PFCP messages but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub issues for specific fixes

Vendor Advisory: https://github.com/free5gc/free5gc/issues/482

Restart Required: Yes

Instructions:

1. Check GitHub issue #482 for patches
2. Apply relevant code fixes
3. Rebuild affected components
4. Restart UPF and SMF services

🔧 Temporary Workarounds

Network Segmentation

Restrict PFCP traffic to trusted sources only

iptables -A INPUT -p udp --dport 8805 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

🧯 If You Can't Patch

  • Implement strict network ACLs to limit PFCP traffic sources
  • Deploy intrusion detection systems to monitor for anomalous PFCP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check free5gc version and component versions against affected versions

Check Version:

Check free5gc documentation for version commands specific to your deployment

Verify Fix Applied:

Verify applied patches from GitHub issue and test with normal PFCP traffic

📡 Detection & Monitoring

Log Indicators:

  • Unusual PFCP message sizes
  • Service crashes/restarts of UPF/SMF
  • Memory allocation errors

Network Indicators:

  • Abnormally large PFCP packets
  • PFCP traffic from unexpected sources
  • High rate of PFCP association requests

SIEM Query:

source="free5gc" AND ("crash" OR "segfault" OR "buffer overflow")
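
The network indicators listed above can be checked per datagram on UDP port 8805. The following is an added example, not code from free5gc or from this advisory; the header layout follows 3GPP TS 29.244, while the trusted peer address, size threshold, rate limit and the `sample` helper are assumptions made for illustration.

```python
import struct
from collections import defaultdict

PFCP_VERSION = 1                 # header version defined in 3GPP TS 29.244
ASSOCIATION_SETUP_REQUEST = 5    # TS 29.244 message type
# Assumptions for this example, tune per deployment:
TRUSTED_PEERS = {"10.0.0.10"}    # constructed address of the expected PFCP peer
MAX_PAYLOAD = 1400               # size above which a PFCP datagram is flagged
MAX_ASSOC_PER_WINDOW = 5         # association setup requests per source per window


def inspect_pfcp(src_ip, payload, assoc_counts):
    """Return a list of findings for one UDP/8805 payload."""
    findings = []
    if src_ip not in TRUSTED_PEERS:
        findings.append("unexpected-source")
    if len(payload) > MAX_PAYLOAD:
        findings.append("oversized")
    if len(payload) < 8:         # 4 fixed octets + sequence number + spare
        return findings + ["truncated-header"]
    flags, msg_type, length = struct.unpack("!BBH", payload[:4])
    if flags >> 5 != PFCP_VERSION:
        findings.append("bad-version")
    # The length field counts everything after the first 4 octets.
    if length != len(payload) - 4:
        findings.append("length-mismatch")
    # S flag set means an 8-octet SEID precedes the sequence number.
    if flags & 0x01 and len(payload) < 16:
        findings.append("truncated-header")
    if msg_type == ASSOCIATION_SETUP_REQUEST:
        assoc_counts[src_ip] += 1
        if assoc_counts[src_ip] > MAX_ASSOC_PER_WINDOW:
            findings.append("association-flood")
    return findings


def sample(msg_type, body=b"", declared=None):
    """Constructed node-level PFCP message (S=0) for exercising the checks."""
    rest = b"\x00\x00\x01\x00" + body          # sequence number + spare octet
    length = len(rest) if declared is None else declared
    return struct.pack("!BBH", 0x20, msg_type, length) + rest


if __name__ == "__main__":
    counts = defaultdict(int)    # reset this dict at the start of each window
    print(inspect_pfcp("10.0.0.10", sample(1), counts))
    print(inspect_pfcp("192.0.2.7", sample(5, declared=4000), counts))
```

Feed it payloads from a capture or a mirror port and forward non-empty findings to the SIEM alongside the crash and restart log indicators.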
