CVE-2026-33063
Improper Null Check in free5GC AUSF Causes DoS
Publication date: 2026-03-20
Last updated on: 2026-03-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| free5gc | free5gc | to 1.4.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-33063 is a vulnerability in the AUSF (Authentication Server Function) component of free5GC, an open source 5G core network. The issue is an improper null check in the function GetSupiFromSuciSupiMap, which attempts to convert an interface{} to a *context.SuciSupiMap pointer without verifying if the underlying value is nil.'}, {'type': 'paragraph', 'content': 'When the SuciSupiMap is nil, this causes a panic with the error message "interface conversion: interface {} is nil, not *context.SuciSupiMap," leading to a crash of the AUSF service. This vulnerability can be triggered remotely by sending a crafted UE authentication request to the AUSF UE authentication endpoint, resulting in a denial of service.'}, {'type': 'paragraph', 'content': 'The root cause is the lack of checks for the existence of required context during the resynchronization procedure in UE authentication, which leads to a nil pointer dereference and server panic.'}, {'type': 'paragraph', 'content': 'The issue was fixed by adding explicit checks to verify the presence of the SUCI to SUPI mapping and AUSF UE context before proceeding, preventing nil pointer dereferences and improving error handling.'}] [2, 3, 4]
How can this vulnerability impact me? :
This vulnerability can cause the AUSF authentication service in free5GC to panic and crash when processing certain UE authentication requests. As a result, the AUSF service becomes unavailable, leading to a complete denial of service for UE authentication.
Since AUSF is a critical component in the 5G core network responsible for authenticating user equipment, its unavailability can disrupt network operations, prevent legitimate users from authenticating, and degrade overall network reliability.
There is no direct application-level workaround; mitigation requires applying the patch that adds proper null checks or restricting access to the AUSF API to trusted sources only.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring the AUSF UE authentication service logs for panic or crash messages related to nil interface conversion errors. Specifically, look for log entries indicating a panic with the message "interface conversion: interface {} is nil, not *context.SuciSupiMap" during UE authentication requests.'}, {'type': 'paragraph', 'content': 'Additionally, reproduction of the issue involves sending a crafted UE authentication POST request to the AUSF endpoint `/nausf-auth/v1/ue-authentications` that triggers the panic. Monitoring for service crashes or denial of service during such requests can indicate the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'Suggested commands include using curl or similar HTTP clients to send test POST requests to the AUSF UE authentication endpoint with crafted JSON payloads containing SUCI and authentication parameters to observe if the service crashes.'}, {'type': 'list_item', 'content': 'Example curl command to test the endpoint (replace with appropriate payload):'}, {'type': 'list_item', 'content': 'curl -X POST http://<ausf-host>:<port>/nausf-auth/v1/ue-authentications -H "Content-Type: application/json" -d \'{"suci": "<crafted_suci>", "other_auth_params": "..."}\''}, {'type': 'paragraph', 'content': 'Monitoring system logs and service status after such requests can help detect if the vulnerability is being triggered.'}] [4]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to apply the patch that fixes the improper null check in the AUSF UE authentication service. This patch is included in free5GC AUSF version 1.4.2 and later.
If immediate patching is not possible, restrict access to the AUSF API endpoint `/nausf-auth/v1/ue-authentications` to trusted sources only, to prevent remote attackers from sending crafted requests that trigger the denial of service.
No direct application-level workaround exists other than applying the patch or restricting access.
- Upgrade free5GC AUSF to version 1.4.2 or later.
- Restrict network access to the AUSF UE authentication endpoint to trusted clients.