CVE-2023-47347

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in free5gc 3.3.0 allows attackers to cause denial of service by sending specially crafted PFCP messages with manipulated sequence numbers. This affects organizations running vulnerable versions of free5gc, an open-source 5G core network implementation.

💻 Affected Systems

Products:
  • free5gc
Versions: 3.3.0
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Any deployment using free5gc 3.3.0 with PFCP functionality enabled is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of the 5G core network functions, potentially affecting all connected devices and services.

🟠 Likely Case

Service instability or crashes of affected free5gc components, leading to partial network outages.

🟢 If Mitigated

Minimal impact if proper network segmentation and monitoring are in place to detect and block malicious PFCP traffic.

🌐 Internet-Facing: HIGH - PFCP interfaces may be exposed to untrusted networks in 5G deployments.
🏢 Internal Only: MEDIUM - Even internal attackers could exploit this if they have network access to PFCP interfaces.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted PFCP messages to vulnerable interfaces, which is straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.3.0

Vendor Advisory: https://github.com/free5gc/free5gc/issues/496

Restart Required: Yes

Instructions:

1. Update free5gc to the latest version.
2. Restart all free5gc services.
3. Verify PFCP functionality is working correctly.

🔧 Temporary Workarounds

Network Segmentation (Linux)

Restrict access to PFCP interfaces using firewall rules to only trusted sources.

iptables -A INPUT -p udp --dport 8805 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can send PFCP messages to vulnerable systems.
  • Deploy intrusion detection systems to monitor for anomalous PFCP traffic patterns.

🔍 How to Verify

Check if Vulnerable:

Check free5gc version: grep -i version /path/to/free5gc/config/files or check deployment manifests.

Check Version:

free5gc version or check package manager (e.g., dpkg -l | grep free5gc)

Verify Fix Applied:

Confirm free5gc version is updated beyond 3.3.0 and monitor system logs for stability.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes
  • Memory allocation errors in free5gc logs
  • PFCP protocol errors

Network Indicators:

  • Unusual volume of PFCP messages from single sources
  • PFCP messages with abnormal sequence numbers

SIEM Query:

source="free5gc" AND ("crash" OR "segmentation fault" OR "buffer overflow")
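
The two network indicators above can be checked offline against captured PFCP datagrams. The following is an added example, not free5gc code: it parses the PFCP header and flags malformed headers, heavy senders and repeated sequence numbers. The thresholds, function names and sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter, defaultdict

MAX_MSGS_PER_SOURCE = 100  # assumed threshold; tune to the deployment's baseline
MAX_SEQ_REUSE = 3          # assumed tolerance for retransmissions of one sequence number

def parse_pfcp_header(datagram):
    """Return (message_type, seid, sequence_number); raise ValueError if malformed."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-octet minimum header")
    flags, msg_type, length = struct.unpack("!BBH", datagram[:4])
    if flags >> 5 != 1:
        raise ValueError("PFCP version is not 1")
    # S flag set: 8-octet SEID precedes the 3-octet sequence number and spare octet.
    rest = 12 if flags & 0x01 else 4
    if length < rest or length > len(datagram) - 4:  # length excludes first 4 octets
        raise ValueError("length field inconsistent with datagram")
    seid = struct.unpack("!Q", datagram[4:12])[0] if flags & 0x01 else None
    seq = int.from_bytes(datagram[rest:rest + 3], "big")
    return msg_type, seid, seq

def analyze(packets):
    """packets: iterable of (source_ip, datagram). Returns {source_ip: [findings]}."""
    volume, seq_seen, findings = Counter(), defaultdict(Counter), defaultdict(list)
    for src, data in packets:
        volume[src] += 1
        try:
            seq = parse_pfcp_header(data)[2]
        except ValueError as exc:
            findings[src].append(f"malformed: {exc}")
            continue
        seq_seen[src][seq] += 1
    for src, count in volume.items():
        if count > MAX_MSGS_PER_SOURCE:
            findings[src].append(f"volume: {count} messages")
        for seq, n in seq_seen[src].items():
            if n > MAX_SEQ_REUSE:
                findings[src].append(f"sequence {seq} reused {n} times")
    return dict(findings)

def sample(seq, seid=None, msg_type=1):
    """Constructed header-only PFCP message (no IEs), for demonstration only."""
    body = (struct.pack("!Q", seid) if seid is not None else b"") + seq.to_bytes(3, "big") + b"\x00"
    return struct.pack("!BBH", 0x21 if seid is not None else 0x20, msg_type, len(body)) + body

# Constructed capture: one repeating sender, one bad length field, one normal peer.
SAMPLE_PACKETS = [("192.0.2.10", sample(42))] * 5 + [
    ("192.0.2.20", b"\x20\x01\x00\xff\x00\x00\x01\x00"),
    ("192.0.2.30", sample(1)), ("192.0.2.30", sample(2))]

if __name__ == "__main__":
    print(analyze(SAMPLE_PACKETS))
```

Feed `analyze` the source address and UDP payload of each port 8805 datagram from a capture; a source that appears in the result is a candidate for closer review, not proof of exploitation.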
