{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33062", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T19:27:06.343Z", "datePublished": "2026-03-20T02:46:56.378Z", "dateUpdated": "2026-03-20T02:46:56.378Z"}, "containers": {"cna": {"title": "free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/free5gc/free5gc/security/advisories/GHSA-7c47-xr7q-p6hg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-7c47-xr7q-p6hg"}, {"name": "https://github.com/free5gc/free5gc/issues/777", "tags": ["x_refsource_MISC"], "url": "https://github.com/free5gc/free5gc/issues/777"}, {"name": "https://github.com/free5gc/nrf/pull/80", "tags": ["x_refsource_MISC"], "url": "https://github.com/free5gc/nrf/pull/80"}, {"name": "https://github.com/free5gc/nrf/commit/dac77d8f8f2e0f041c5634fb3c685dcb9734b872", "tags": ["x_refsource_MISC"], "url": "https://github.com/free5gc/nrf/commit/dac77d8f8f2e0f041c5634fb3c685dcb9734b872"}], "affected": [{"vendor": "free5gc", "product": "nrf", "versions": [{"version": "< 1.4.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T02:46:56.378Z"}, "descriptions": [{"lang": "en", "value": "free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The `EncodeGroupId` function attempts to access array indices [0], [1], [2] without validating the length of the split data. When the parameter contains insufficient separator characters, the code panics with \"index out of range\". A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed `group-id-list` parameter. This results in complete denial of service for the NRF discovery service. free5GC NRF version 1.4.2 fixes the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch or restrict access to the NRF API to trusted sources only."}], "source": {"advisory": "GHSA-7c47-xr7q-p6hg", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The `EncodeGroupId` function attempts to access array indices [0], [1], [2] without validating the length of the split data. When the parameter contains insufficient separator characters, the code panics with \"index out of range\". A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed `group-id-list` parameter. This results in complete denial of service for the NRF discovery service. free5GC NRF version 1.4.2 fixes the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch or restrict access to the NRF API to trusted sources only."}], "id": "CVE-2026-33062", "lastModified": "2026-03-20T03:16:01.097", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T03:16:01.097", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/free5gc/free5gc/issues/777"}, {"source": "security-advisories@github.com", "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-7c47-xr7q-p6hg"}, {"source": "security-advisories@github.com", "url": "https://github.com/free5gc/nrf/commit/dac77d8f8f2e0f041c5634fb3c685dcb9734b872"}, {"source": "security-advisories@github.com", "url": "https://github.com/free5gc/nrf/pull/80"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "nrf", "source": "cna", "vendor": "free5gc"}, "product": "nrf", "vendor": "free5gc"}], "analysis": {"en": {"generated_at": "2026-03-20T04:21:47.251770+00:00", "value": {"mitigation_remediation": ["Apply the official patch by upgrading to free5GC NRF version 1.4.2 or later. ", "If upgrading is not immediately possible, restrict access to the NRF API endpoint so that only trusted, internal network sources can communicate with the service. ", "Continuously monitor logs for unexpected service crashes and validate that the patch is correctly in place."], "summary": {"action": "Patch or Restrict", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All free5GC NRF deployments using the discovery service that run a version earlier than 1.4.2 are affected. The issue was fixed in free5GC NRF version 1.4.2; later releases are not impacted. The patch can be applied by updating to the latest NRF release or by pulling the upstream patch commit DAC77D8F8F2E0F041C5634FB3C685DCB9734B872 from the source repository.", "description_and_impact": "The vulnerability in free5GC NRF emerges from improper input validation in the EncodeGroupId function, which accesses array indices [0], [1], and [2] without first verifying that the split data is long enough. When an attacker supplies a malformed group-id-list parameter with insufficient separator characters in an HTTP GET request, the NRF service panics and crashes, resulting in a total denial of service. This failure falls under the CWE-284 (Improper Access Control) weak\u00adness. The impact is that the NRF discovery service becomes unavailable, potentially disrupting the entire 5G core network that relies on NRF for service discovery and registration.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 8.7, indicating a high severity. No EPSS score is available, and the vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, the likely attack vector is a remote attacker able to send a crafted HTTP GET request, and no authentication or elevated privileges are required to trigger the crash. Consequently, the risk of exploitation is high and the potential for widespread denial of service is significant."}}}}, "created": "2026-03-20T08:52:59.493263+00:00", "updated": "2026-03-20T10:37:43.396130+00:00", "vendors": ["free5gc", "free5gc$PRODUCT$nrf"]}