## Key Information

### Vulnerability Description

- Issue: The NEF component incorrectly returns a 500 error code (JSON parsing error: invalid character 'n') for Nnef_PfdManagement GET requests when the PFD data is missing. When the PFD data is not found, the UDR returns 404 but continues execution and writes `null` after the ProblemDetails JSON. The resulting body is invalid JSON, so the NEF fails to parse it ("invalid character 'n' after top-level value") and returns 500.

### Solution

- Fix: Add `return` statements after the error responses in the following functions:
  - `GetApplicationDataIndividualPfdFromDBProcedure`
  - `PutApplicationDataIndividualPfdToDBProcedure`
  - `PolicyDataBdtDataGetProcedure`
  - `PolicyDataSubsToNotifySubsIdDeleteProcedure`
  - `PolicyDataSubsToNotifySubsIdPutProcedure`
  - `PolicyDataUesUeIdAmDataGetProcedure`
  - `PolicyDataUesUeIdOperatorSpecificDataGetProcedure`
  - `PolicyDataUesUeIdOperatorSpecificDataPatchProcedure` (2 locations)

### Security Impact

- CWE ID: CWE-209 (Information Exposure) and CWE-388 (Unreliable Security-Related Behavior)
- Impact: Internal parsing errors (such as invalid character 'n') are leaked to untrusted clients, potentially aiding attackers in fingerprinting server software and logic flows. Additionally, incorrectly returning a 500 code instead of 404 misrepresents the system state, which blurs security-related error boundaries and hinders accurate troubleshooting.

### Fix Details

- Fix Commit: 91bb34b
- Affected Versions: All deployments of free5GC v4.0.1 using the Nnef_PfdManagement service
- Fixed Version: Users should upgrade to the next free5GC release containing this fix

### Reporter

- Reporter: zfei10990-cmd
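
The missing-return pattern described under Vulnerability Description and Solution, reproduced with Go's standard `net/http` as an added example (not free5GC code). The handler, store, route and `ProblemDetails` fields are hypothetical stand-ins; the consumer-side parse shows the same "invalid character 'n' after top-level value" error that the NEF turned into a 500.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ProblemDetails is a minimal stand-in for the error body (constructed for this example).
type ProblemDetails struct {
	Status int    `json:"status"`
	Cause  string `json:"cause"`
}
// pfdStore is a constructed, empty data set, so every lookup misses.
var pfdStore = map[string]map[string]string{}

func writeJSON(w http.ResponseWriter, code int, v interface{}) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(code) // ignored if a status line was already sent
	json.NewEncoder(w).Encode(v)
}

// pfdHandler models a GET procedure. With returnAfterError=false it reproduces
// the bug: the 404 body is written, then execution falls through.
func pfdHandler(returnAfterError bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		pfd, ok := pfdStore[r.URL.Query().Get("appId")]
		if !ok {
			writeJSON(w, http.StatusNotFound, ProblemDetails{404, "DATA_NOT_FOUND"})
			if returnAfterError {
				return // the fix: stop after the error response
			}
		}
		writeJSON(w, http.StatusOK, pfd) // a nil map encodes as "null"
	}
}

// fetch calls the handler in-process and parses the body as a consumer would.
func fetch(h http.Handler) (int, string, error) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/pfd?appId=app1", nil))
	return rec.Code, rec.Body.String(), json.Unmarshal(rec.Body.Bytes(), &ProblemDetails{})
}

func main() {
	for _, fixed := range []bool{false, true} {
		fmt.Println(fetch(pfdHandler(fixed)))
	}
}
```

In both runs the status line is 404; only the variant without the `return` appends `null` to the body, which is why the defect surfaces as a parse failure in the consumer rather than as a wrong status from the producer.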