CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

By : Nata Kesuma | Sunday, February 05 2023 - 22:55 IWST

The Synopsys Cybersecurity Research Center (CyRC)
The Synopsys Cybersecurity Research Center (CyRC) - Singapore- The Synopsys Cybersecurity Research Center (CyRC) has exposed CVE-2023-23846, a vulnerability in Open5GS. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license.

It is primarily used to build and deploy private LTE/5G telecom network core functions by researchers and commercial entities such as telecom network operators.

Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption.

Because the code resides in a common GTP library that is shared across different functions, this vulnerability is effectively present in all deployed endpoints configured to accept and handle GTP-U messages, including the 5G user plane function (UPF, provided by open5gs-upfd), the 5G session management function (SMF, provided by open5gs-smfd), and the LTE/EPC serving gateway user plane function (SGW-U, provided by open5gs-sgwud).

News Comment

Today's Industry

PT Surya Esa Perkasa Tbk. (ESSA: IJ)

Selasa, 26 September 2023 - 07:45 WIB

ESSA Secures Gas Contract Extension for LPG Refinery

PT Surya Esa Perkasa Tbk. (ESSA: IJ), a publicly listed company engaged in the Energy and Chemical sectors through its LPG (Liquefied Petroleum Gas) refinery and Ammonia plant today (22/9) announced…

(kiri-kanan) Cahyo (operations manager PT Eco Paper Indonesia), Kuswara ( Direktur ALDO), Herwanto Sutanto (Presdir ALDO), dan Herlambang Putra Sujadi (Direktur PT Eco Paper Indonesia)

Selasa, 26 September 2023 - 06:45 WIB

ALDO Strengthens PT Eco Paper’s Business of Recycled Brown Paper Production

PT Alkindo Naratama Tbk (ALDO), a listed company engaged in the integrated paper and chemical business, plans to inject additional working capital of around IDR 40 billion into its subsidiary…

"CLEO", PT Sariguna Primatirta Tbk (Tanobel Group)

Sabtu, 23 September 2023 - 11:33 WIB

Growing Above Industrial Average, CLEO Strives for Innovation

Producer of bottled drinking water with the brand "CLEO", PT Sariguna Primatirta Tbk (Tanobel Group) targets its sales in 2023 to grow above the average of the bottled drinking water (AMDK)…

PT Inocycle Technology Group Tbk ("INOV")

Kamis, 14 September 2023 - 15:15 WIB

INOV Poised to Absorb PET Recycling Market Potential

The prospects of PT Inocycle Technology Group Tbk ("INOV") a public company in the field of recycling plastic (PET) bottle waste into Recycled Polyester Staple Fiber (Re-PSF), looks bright for…

Participants of the 43rd ASEAN Summit enjoy the gala dinner at Hutan Kota GBK in Jakarta, Wednesday (09/06). (Photo by: BPMI of Presidential Secretariat)

Senin, 11 September 2023 - 09:07 WIB

Indonesian Cuisine, Cultural Performances Enliven Gala Dinner of 43rd ASEAN Summit

President Joko “Jokowi” Widodo and First Lady Iriana Jokowi hosted a gala dinner for leaders of ASEAN member states, partners, and international organizations at Hutan Kota restaurant in…