CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

By : Nata Kesuma | Sunday, February 05 2023 - 22:55 IWST

The Synopsys Cybersecurity Research Center (CyRC)
The Synopsys Cybersecurity Research Center (CyRC) - Singapore- The Synopsys Cybersecurity Research Center (CyRC) has exposed CVE-2023-23846, a vulnerability in Open5GS. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license.

It is primarily used to build and deploy private LTE/5G telecom network core functions by researchers and commercial entities such as telecom network operators.

Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption.

Because the code resides in a common GTP library that is shared across different functions, this vulnerability is effectively present in all deployed endpoints configured to accept and handle GTP-U messages, including the 5G user plane function (UPF, provided by open5gs-upfd), the 5G session management function (SMF, provided by open5gs-smfd), and the LTE/EPC serving gateway user plane function (SGW-U, provided by open5gs-sgwud).

News Comment

Today's Industry

Wellington College Independent School Jakarta (WCIJ)

Senin, 29 April 2024 - 05:02 WIB

One of the UK’s Most Established Schools Chooses Jakarta for Their Latest Opening

Wellington College Independent School Jakarta (WCIJ) is thrilled to announce its grand opening in September 2024! As the first private UK school to open in Indonesia, WCIJ, a pioneering co-educational…

Presiden Jokowi

Selasa, 23 April 2024 - 10:29 WIB

President Jokowi Reaffirms Commitment to Farmers’ Welfare

President Joko “Jokowi” Widodo on Monday (04/22) inspected corn harvest in Boalemo regency, Gorontalo province. “Our corn import has decreased significantly from 3.5 million tonnes to…

Photo: Aris Nurjani/VOI

Rabu, 28 Februari 2024 - 12:47 WIB

Carsurin and NBRI Strengthen Strategic Alliance to Propel Indonesia’s EV Industry

PT Carsurin Tbk ("Carsurin") and the National Battery Research Institute ("NBRI") are pleased to announce the signing of a pivotal Strategic Alliance Agreement (SAA), marking a significant advancement…

Beras (Foto/Rizki Meirino)

Rabu, 21 Februari 2024 - 08:43 WIB

Gov’t to Continue Disbursing Rice Assistance

President Joko “Jokowi” Widodo has ensured that the Government will continue rolling out the rice assistance program for low-income families. The President made the statement when handing…

Ilustrasi pabrik beras. (Foto: DetikFood)

Rabu, 21 Februari 2024 - 08:40 WIB

Bapanas Head Ensures Availability of Rice Stock Ahead of Ramadan

The National Food Agency (Bapanas) has ensured the availability of rice for the fasting month of Ramadan and Eid al-Fitr 1445 Hijri/2024 CE. “We believe that there is enough rice for the fasting…