CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library
By : Nata Kesuma | Sunday, February 05 2023 - 22:55 IWST

The Synopsys Cybersecurity Research Center (CyRC)
INDUSTRY.co.id - Singapore- The Synopsys Cybersecurity Research Center (CyRC) has exposed CVE-2023-23846, a vulnerability in Open5GS. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license.
It is primarily used to build and deploy private LTE/5G telecom network core functions by researchers and commercial entities such as telecom network operators.
Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption.
Because the code resides in a common GTP library that is shared across different functions, this vulnerability is effectively present in all deployed endpoints configured to accept and handle GTP-U messages, including the 5G user plane function (UPF, provided by open5gs-upfd), the 5G session management function (SMF, provided by open5gs-smfd), and the LTE/EPC serving gateway user plane function (SGW-U, provided by open5gs-sgwud).
Read Also
CleverTap launches local deployment of its SaaS platform in Indonesia
Huawei Recognized as Outstanding Partner from Indosat in MOCN Partner…
Toshiba Releases Small Photorelay with High Speed Turn-On Time that…
Toshiba Releases Small Photorelay with High Speed Turn-On Time that…
Kioxia to Showcase New Consumer SSDs Delivering PCIe® 4.0 Performance…
Today's Industry

Selasa, 26 September 2023 - 07:45 WIB
ESSA Secures Gas Contract Extension for LPG Refinery
PT Surya Esa Perkasa Tbk. (ESSA: IJ), a publicly listed company engaged in the Energy and Chemical sectors through its LPG (Liquefied Petroleum Gas) refinery and Ammonia plant today (22/9) announced…

Selasa, 26 September 2023 - 06:45 WIB
ALDO Strengthens PT Eco Paper’s Business of Recycled Brown Paper Production
PT Alkindo Naratama Tbk (ALDO), a listed company engaged in the integrated paper and chemical business, plans to inject additional working capital of around IDR 40 billion into its subsidiary…

Sabtu, 23 September 2023 - 11:33 WIB
Growing Above Industrial Average, CLEO Strives for Innovation
Producer of bottled drinking water with the brand "CLEO", PT Sariguna Primatirta Tbk (Tanobel Group) targets its sales in 2023 to grow above the average of the bottled drinking water (AMDK)…

Kamis, 14 September 2023 - 15:15 WIB
INOV Poised to Absorb PET Recycling Market Potential
The prospects of PT Inocycle Technology Group Tbk ("INOV") a public company in the field of recycling plastic (PET) bottle waste into Recycled Polyester Staple Fiber (Re-PSF), looks bright for…

Senin, 11 September 2023 - 09:07 WIB
Indonesian Cuisine, Cultural Performances Enliven Gala Dinner of 43rd ASEAN Summit
President Joko “Jokowi” Widodo and First Lady Iriana Jokowi hosted a gala dinner for leaders of ASEAN member states, partners, and international organizations at Hutan Kota restaurant in…
News Comment