x/vulndb: potential Go vuln in github.com/free5gc/nssf: GHSA-f2hj-vpp9-6vm2 #4163
Description
Advisory GHSA-f2hj-vpp9-6vm2 references a vulnerability in the following Go modules:
| Module |
|---|
| github.com/free5gc/nssf |
Description:
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.
References:
- ADVISORY: GHSA-f2hj-vpp9-6vm2
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-60638
- FIX: free5gc/nssf@66fc727
- REPORT: [Bugs] NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST api request free5gc/free5gc#704
- WEB: https://github.com/free5gc/free5gc
No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
- module: github.com/free5gc/nssf
versions:
- fixed: 1.4.0
vulnerable_at: 1.3.2
summary: |-
NSSF panic due to nil pointer dereference when expiry field is omitted in
NSSAIAvailability POST in github.com/free5gc/nssf
cves:
- CVE-2025-60638
ghsas:
- GHSA-f2hj-vpp9-6vm2
references:
- advisory: https://github.com/advisories/GHSA-f2hj-vpp9-6vm2
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-60638
- fix: https://github.com/free5gc/nssf/commit/66fc727a894fa821fde14030346b18de69192204
- report: https://github.com/free5gc/free5gc/issues/704
- web: https://github.com/free5gc/free5gc
source:
id: GHSA-f2hj-vpp9-6vm2
created: 2025-11-25T22:01:02.53591181Z
review_status: UNREVIEWED