CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

By : Nata Kesuma | Sunday, February 05 2023 - 22:55 IWST

The Synopsys Cybersecurity Research Center (CyRC)
The Synopsys Cybersecurity Research Center (CyRC)

INDUSTRY.co.id - Singapore- The Synopsys Cybersecurity Research Center (CyRC) has exposed CVE-2023-23846, a vulnerability in Open5GS. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license.

It is primarily used to build and deploy private LTE/5G telecom network core functions by researchers and commercial entities such as telecom network operators.

Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption.

Because the code resides in a common GTP library that is shared across different functions, this vulnerability is effectively present in all deployed endpoints configured to accept and handle GTP-U messages, including the 5G user plane function (UPF, provided by open5gs-upfd), the 5G session management function (SMF, provided by open5gs-smfd), and the LTE/EPC serving gateway user plane function (SGW-U, provided by open5gs-sgwud).

News Comment

Today's Industry

Images By : Freepik

Sabtu, 14 September 2024 - 16:56 WIB

Essential Tips for Choosing Personal Health Insurance in the US

Choosing the right health insurance plan in the United States can be a complex task, especially with the variety of options available and the ever-changing landscape of healthcare policy. Here…

Images By : Freepik

Sabtu, 14 September 2024 - 16:53 WIB

The Top 10 Insurance Companies in the US for 2024

In the ever-evolving landscape of insurance, selecting the right company can significantly impact your financial security and peace of mind.

Images By : Freepik

Jumat, 13 September 2024 - 15:37 WIB

Why Airbnb Become Popular in 2024?

Airbnb fosters a more interactive experience between hosts and guests. Through direct messaging, guests can inquire about specific details, negotiate pricing, or clarify expectations, which…

Flag of the United Nations Organization.

Kamis, 15 Agustus 2024 - 14:26 WIB

Modena Officially Becomes a Member of the UN Global Compact

Commited to transforming towards sustainable business practices, Modena the global home appliance established over 60 years ago in Italy, officially became a member of the UN Globe Compact (UNGC)…

The Board of Directors of PTT Global Chemical (GC) pose for a group photo after receiving the prestigious SNI (Indonesian National Standard) certification for its InnoPlus Polyethylene resin. (Photo: GC Public Relations)

Kamis, 27 Juni 2024 - 15:30 WIB

Global Chemical Achieves Prestigious SNI Certification for InnoPlus Polyethylene Resin

PTT Global Chemical (GC) is proud to announce its successful attainment of the prestigious SNI (Indonesian National Standard) certification for its InnoPlus Polyethylene resin.