CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

By : Nata Kesuma | Sunday, February 05 2023 - 22:55 IWST

The Synopsys Cybersecurity Research Center (CyRC)
The Synopsys Cybersecurity Research Center (CyRC)

INDUSTRY.co.id - Singapore- The Synopsys Cybersecurity Research Center (CyRC) has exposed CVE-2023-23846, a vulnerability in Open5GS. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license.

It is primarily used to build and deploy private LTE/5G telecom network core functions by researchers and commercial entities such as telecom network operators.

Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption.

Because the code resides in a common GTP library that is shared across different functions, this vulnerability is effectively present in all deployed endpoints configured to accept and handle GTP-U messages, including the 5G user plane function (UPF, provided by open5gs-upfd), the 5G session management function (SMF, provided by open5gs-smfd), and the LTE/EPC serving gateway user plane function (SGW-U, provided by open5gs-sgwud).

News Comment

Today's Industry

Lenggang Nyai Dance Enchants at Asian Cup Mascot Launch in Doha

Kamis, 07 Desember 2023 - 20:41 WIB

Lenggang Nyai Dance Enchants at Asian Cup Mascot Launch in Doha

Doha, Qatar - At the Asian Cup mascot launch event in Qatar, the traditional Indonesian dance, Lenggang Nyai from Betawi, stole the show as the only representative from the Southeast Asian region…

The Consulate General of Indonesia in Vancouver Receives the Integrity Zone Award for a Corruption-Free Region (WBK) in 2023

Kamis, 07 Desember 2023 - 20:35 WIB

The Consulate General of Indonesia in Vancouver Receives the Integrity Zone Award for a Corruption-Free Region (WBK) in 2023

Bali, Indonesia - The Consulate General of the Republic of Indonesia in Vancouver has achieved the Integrity Zone (ZI) Towards a Corruption-Free Region (WBK) Award 2023. The award was presented…

Indonesia´s Jamu Wellness Culture Declared as UNESCO Intangible Cultural Heritage

Kamis, 07 Desember 2023 - 20:31 WIB

Indonesia´s Jamu Wellness Culture Declared as UNESCO Intangible Cultural Heritage

Kasane, Botswana - The UNESCO Intangible Cultural Heritage (ICH) Convention Committee has declared Jamu Wellness Culture as a UNESCO Intangible Cultural Heritage on (6/12). Jamu Wellness Culture…

From Cape Town to Nordkapp, Indonesian Explorer Sets Off on Expedition Promoting Indonesia

Kamis, 07 Desember 2023 - 20:29 WIB

From Cape Town to Nordkapp, Indonesian Explorer Sets Off on Expedition Promoting Indonesia

Cape Town, South Africa - Balines globetrotter, Ida Bagus (IB) Ngurah Wijaya has once again set off on an adventure by riding a motorbike from Cape Town to Nordkapp (06/12). On this trip, IB…

The Indonesian Christian Community holds Christmas Commemoration in Brunei

Kamis, 07 Desember 2023 - 20:24 WIB

The Indonesian Christian Community holds Christmas Commemoration in Brunei

Bandar Seri Begawan, Brunei Darussalam - Indonesian Ambassador to Brunei Darussalam, Dr. Achmad Ubaedillah hopes that the commemoration of Christmas Day 2023 can further strengthen the sense…