关键信息 Bug Description Vulnerability: The UPF in free5gc crashes due to a malformed PFCP Session Establishment Request with an invalid Outer Header Creation layout. Impact: Remote Denial of Service (RDoS) - the UPF process crashes completely, causing service disruption. Vulnerable Function: . Reproduction Steps 1. Setup: Starting a Go project with specific dependencies. 2. Execution: Running the program to send the malformed PFCP request to the target UPF. 3. Requirements: Utilizing Go version 1.24.9 on a Linux machine with specific libraries. Expected Behavior UPF should validate the Outer Header Creation IE's length/format pre-parsing. Malformed requests should be rejected gracefully, not crash the entire UPF process. Environment free5gc Version: v4.1.0 OS: Ubuntu 22.04 Server Kernel Version: 5.15.0-0-generic Go Version: 1.24.9 linux/amd64 Evidence Log Output: Demonstrates the panic . PCAP and Configuration Files: Needed for further evidence and replication but not visible in screenshot.