CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library
By : Nata Kesuma | Sunday, February 05 2023 - 22:55 IWST
![The Synopsys Cybersecurity Research Center (CyRC)](https://eagle.industry.co.id/uploads/berita/detail/5229.png)
The Synopsys Cybersecurity Research Center (CyRC)
INDUSTRY.co.id - Singapore- The Synopsys Cybersecurity Research Center (CyRC) has exposed CVE-2023-23846, a vulnerability in Open5GS. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license.
It is primarily used to build and deploy private LTE/5G telecom network core functions by researchers and commercial entities such as telecom network operators.
Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption.
Because the code resides in a common GTP library that is shared across different functions, this vulnerability is effectively present in all deployed endpoints configured to accept and handle GTP-U messages, including the 5G user plane function (UPF, provided by open5gs-upfd), the 5G session management function (SMF, provided by open5gs-smfd), and the LTE/EPC serving gateway user plane function (SGW-U, provided by open5gs-sgwud).
Read Also
Totolink Strengthens Commitment to Innovative and Reliable Network…
BDDC Inaugurates JST1 TIER IV Data Centre in Jakarta to Strengthen…
MoreLogin, the World's #1 Antidetect Browser, Showcased at Affiliate…
Experts gather in Nanning to support high-quality development of…
Huawei Garners Award from Manpower Ministry as Best Foreign Enterprise…
Today's Industry
![The Board of Directors of PTT Global Chemical (GC) pose for a group photo after receiving the prestigious SNI (Indonesian National Standard) certification for its InnoPlus Polyethylene resin. (Photo: GC Public Relations)](https://eagle.industry.co.id/uploads/berita/small/5780.jpg)
Kamis, 27 Juni 2024 - 15:30 WIB
Global Chemical Achieves Prestigious SNI Certification for InnoPlus Polyethylene Resin
PTT Global Chemical (GC) is proud to announce its successful attainment of the prestigious SNI (Indonesian National Standard) certification for its InnoPlus Polyethylene resin.
![Financial Literacy](https://eagle.industry.co.id/uploads/berita/small/5779.png)
Rabu, 26 Juni 2024 - 22:47 WIB
The Importance of Financial Literacy
Financial literacy refers to the ability to understand and use various financial skills effectively, including personal financial management, budgeting, and investing.
![Unveiling New Opportunities](https://eagle.industry.co.id/uploads/berita/small/5778.png)
Rabu, 26 Juni 2024 - 14:52 WIB
Unveiling New Opportunities
As we step into 2024, the cryptocurrency landscape continues to evolve, presenting unprecedented opportunities for investors, developers, and enthusiasts.
![AI Technology](https://eagle.industry.co.id/uploads/berita/small/5777.png)
Senin, 24 Juni 2024 - 20:07 WIB
The Best AI of 2024: A Comprehensive Guide
Artificial Intelligence (AI) is rapidly changing the world, and 2024 is shaping up to be a year of significant advancements in the field.
![Bali Tourism](https://eagle.industry.co.id/uploads/berita/small/216.jpg)
Senin, 24 Juni 2024 - 19:27 WIB
Discovering Bali: The Ultimate Guide to an Unforgettable Holiday
Bali, known as the Island of the Gods, is a tropical paradise that perfectly blends rich culture, pristine beaches, and lush landscapes.
News Comment