Cyber Security Daily Radar

#cwe-820

共收录 2 条相关安全情报。

← 返回所有主题
INFO
VULNERABILITY 2026-05-27

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write ...

推荐 3.4
Conf: 50%
CVE-2026-44318

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock() via BSFContext.GetSubscription(subId), but if the subscription does not exist, ReplaceIndividualSubcription() writes back to the same map direct

💡 影响/原因: 原文内容(由于配额限制,未进行深度 LLM 分析)

🎯 建议动作: 建议根据原文自行评估

来自 NVD
排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)
INFO
ADVISORY 2026-05-08

free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions

推荐 11.4
Conf: 50%
github.com/free5gc/bsf

### Summary free5GC's BSF `PUT /nbsf-management/v1/subscriptions/{subId}` handler has an unsynchronized write on the global `Subscriptions` map. The handler first reads the map under `RLock()` via `BSFContext.GetSubscription(subId)`, but if the subscription does not exist, `ReplaceIndividualSubcription()` writes back to the same map directly without taking the mutex (`bsfContext.BsfSelf.Subscripti

💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)

🎯 建议动作: 建议根据原文自行评估

来自 GitHub Advisory
排序因子: 有可用补丁/修复方案 (+3) | Secondary 数据源 (+2) | 包含 CVE (+2) | 影响关键基础设施/核心组件 (+4) | LLM 评分加成 (+0.4)