CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

By : Nata Kesuma | Sunday, February 05 2023 - 22:55 IWST

The Synopsys Cybersecurity Research Center (CyRC)
The Synopsys Cybersecurity Research Center (CyRC)

INDUSTRY.co.id - Singapore- The Synopsys Cybersecurity Research Center (CyRC) has exposed CVE-2023-23846, a vulnerability in Open5GS. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license.

It is primarily used to build and deploy private LTE/5G telecom network core functions by researchers and commercial entities such as telecom network operators.

Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption.

Because the code resides in a common GTP library that is shared across different functions, this vulnerability is effectively present in all deployed endpoints configured to accept and handle GTP-U messages, including the 5G user plane function (UPF, provided by open5gs-upfd), the 5G session management function (SMF, provided by open5gs-smfd), and the LTE/EPC serving gateway user plane function (SGW-U, provided by open5gs-sgwud).

News Comment

Today's Industry

One of Apartments offered by Savyavasa and Permata Bank Launch Exclusive Foreign Mortgage Program

Senin, 09 Juni 2025 - 14:22 WIB

Savyavasa and Permata Bank Launch Exclusive Foreign Mortgage Program

Savyavasa, a luxury residential development by Swire Properties and JSI Group under PT Jantra Swarna Dipta, in collaboration with Permata Bank, presents a new solution for foreign nationals…

President Prabowo in Thailand

Rabu, 21 Mei 2025 - 10:09 WIB

Indonesia, Thailand Sign MoU on Health Sector, Focusing on Global Capacity, Collaboration

As a part of President Prabowo Subianto’s official visit to Thailand, both countries signed a Memorandum of Understanding (MoU) on health sector, in an effort to strengthen bilateral cooperation…

President Prabowo in Thailand

Rabu, 21 Mei 2025 - 10:06 WIB

Indonesia, Thailand Deepen Cooperation on Security, Trade, and Regional Stability

resident Prabowo Subianto has reaffirmed Indonesia’s strong commitment to deepening bilateral relations with Thailand during the meeting with Thailand’s Prime Minister Paetongtarn Shinawatra…

SD Darmono CEO Jababeka Group with Boediman Widjaja CEO JOE Green Group

Selasa, 20 Mei 2025 - 12:44 WIB

Boediman Widjaja's Technology Ready to be Adopted in Jababeka Industrial Estate (KIJA)

In an exclusive seminar entitled "A Great Step: Boediman Widjaja Story - Going from Indonesia, Thriving in Singapore" held at the President Lounge, Menara Batavia, Boediman Widjaja, Founder…

A total of 55 health professionals who participated in the Binawan Europe program, in the form of international career development scholarships in Austria. (Photo: The Public Relations of Binawan University)

Jumat, 02 Mei 2025 - 10:46 WIB

Binawan and Government Support Indonesian Nurses in Europe through Scholarships

In the midst of the viral #KaburAjaDulu hashtag as a symbol of the young generation's disappointment with domestic working conditions, Binawan responded with real action: dispatching Indonesian…