Out-of-Bounds Slice Access in free5GC CHF Leading to DoS
This is an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=… can trigger a server-side panic in github.com/free5gc/chf/internal/sbi.(*Server).RechargePut(…) due to an out-of-range slice access. In the reported runtime, Gin recovery converts the panic into HTTP 500, but the recharge path remains remotely panic-triggerable and can be abused repeatedly to degrade recharge functionality and flood logs. In deployments without equivalent recovery handling, this …