Product
A nil-pointer dereference vulnerability exists in free5GC's PCF when handling POST requests to `/npcf-smpolicycontrol/v1/sm-policies`. When a downstream UDR lookup returns a 404 error, the handler continues execution instead of returning, leading to a nil response struct dereference and a panic. This results in an HTTP 500 error for the request, but the PCF process continues running. The vulnerability is triggered by sending a POST request with input that causes the downstream UDR lookup to fail, such as an unknown DNN. This issue affects free5GC versions v4.1.0 and v4.2.1.