CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library
By : Nata Kesuma | Sunday, February 05 2023 - 22:55 IWST

The Synopsys Cybersecurity Research Center (CyRC)
INDUSTRY.co.id - Singapore- The Synopsys Cybersecurity Research Center (CyRC) has exposed CVE-2023-23846, a vulnerability in Open5GS. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license.
It is primarily used to build and deploy private LTE/5G telecom network core functions by researchers and commercial entities such as telecom network operators.
Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption.
Because the code resides in a common GTP library that is shared across different functions, this vulnerability is effectively present in all deployed endpoints configured to accept and handle GTP-U messages, including the 5G user plane function (UPF, provided by open5gs-upfd), the 5G session management function (SMF, provided by open5gs-smfd), and the LTE/EPC serving gateway user plane function (SGW-U, provided by open5gs-sgwud).
Read Also
Huawei Garners Award from Manpower Ministry as Best Foreign Enterprise…
Government's Role in Consumer Protection in the Digital Era
Huawei Supplier Convention 2023: Driving Collaboration and Innovation…
Huawei Holds Optix Club 2023, Launching New F5G Products and Solutions
Huawei Unveils Joint Fellowship with ITU, Makes Strides in Digital…
Today's Industry

Kamis, 07 Desember 2023 - 20:41 WIB
Lenggang Nyai Dance Enchants at Asian Cup Mascot Launch in Doha
Doha, Qatar - At the Asian Cup mascot launch event in Qatar, the traditional Indonesian dance, Lenggang Nyai from Betawi, stole the show as the only representative from the Southeast Asian region…

Kamis, 07 Desember 2023 - 20:35 WIB
The Consulate General of Indonesia in Vancouver Receives the Integrity Zone Award for a Corruption-Free Region (WBK) in 2023
Bali, Indonesia - The Consulate General of the Republic of Indonesia in Vancouver has achieved the Integrity Zone (ZI) Towards a Corruption-Free Region (WBK) Award 2023. The award was presented…

Kamis, 07 Desember 2023 - 20:31 WIB
Indonesia´s Jamu Wellness Culture Declared as UNESCO Intangible Cultural Heritage
Kasane, Botswana - The UNESCO Intangible Cultural Heritage (ICH) Convention Committee has declared Jamu Wellness Culture as a UNESCO Intangible Cultural Heritage on (6/12). Jamu Wellness Culture…

Kamis, 07 Desember 2023 - 20:29 WIB
From Cape Town to Nordkapp, Indonesian Explorer Sets Off on Expedition Promoting Indonesia
Cape Town, South Africa - Balines globetrotter, Ida Bagus (IB) Ngurah Wijaya has once again set off on an adventure by riding a motorbike from Cape Town to Nordkapp (06/12). On this trip, IB…

Kamis, 07 Desember 2023 - 20:24 WIB
The Indonesian Christian Community holds Christmas Commemoration in Brunei
Bandar Seri Begawan, Brunei Darussalam - Indonesian Ambassador to Brunei Darussalam, Dr. Achmad Ubaedillah hopes that the commemoration of Christmas Day 2023 can further strengthen the sense…
News Comment