CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library
By : Nata Kesuma | Sunday, February 05 2023 - 22:55 IWST

The Synopsys Cybersecurity Research Center (CyRC)
INDUSTRY.co.id - Singapore- The Synopsys Cybersecurity Research Center (CyRC) has exposed CVE-2023-23846, a vulnerability in Open5GS. Open5GS is a C-language open source implementation that provides both 4G/LTE enhanced packet core (EPC) and 5G functionalities for mobile network deployments with an AGPLv2 or commercial license.
It is primarily used to build and deploy private LTE/5G telecom network core functions by researchers and commercial entities such as telecom network operators.
Due to insufficient length validation in the Open5GS GTP library when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption.
Because the code resides in a common GTP library that is shared across different functions, this vulnerability is effectively present in all deployed endpoints configured to accept and handle GTP-U messages, including the 5G user plane function (UPF, provided by open5gs-upfd), the 5G session management function (SMF, provided by open5gs-smfd), and the LTE/EPC serving gateway user plane function (SGW-U, provided by open5gs-sgwud).
Read Also
Huawei Recognized as Outstanding Partner from Indosat in MOCN Partner…
Toshiba Releases Small Photorelay with High Speed Turn-On Time that…
Toshiba Releases Small Photorelay with High Speed Turn-On Time that…
Kioxia to Showcase New Consumer SSDs Delivering PCIe® 4.0 Performance…
Kioxia Introduces New BG6 Series Client SSDs, Brings PCIe® 4.0 Performance…
Today's Industry

Rabu, 31 Mei 2023 - 15:28 WIB
65th Session of the APO Governing Body in Mongolia: Assessing Progress, Celebrating Milestones, Shaping the Future
The Asian Productivity Organization (APO) successfully concluded the 65th Session of its Governing Body (GBM) with representatives of 19 APO member economies attending in Ulaanbaatar, Mongolia,…

Rabu, 31 Mei 2023 - 15:00 WIB
World Fishing Championship, the First Fishing Game on WEMIX PLAY, Launches in 170 Countries
Wemade officially launched World Fishing Championship, a fishing game developed by Wemade Plus, on May 25th in 170 countries.

Rabu, 31 Mei 2023 - 14:35 WIB
President Jokowi Launches IKN Logo Themed Tree of Life
Indonesian President Joko Widodo (Jokowi) officially launched the Indonesian Capital City logo (IKN), Tuesday (30/05/2023), at the State Palace, Jakarta.

Rabu, 31 Mei 2023 - 14:05 WIB
UAE's Technology Innovation Institute Launches Open-Source "Falcon 40B"
The Technology Innovation Institute (TII), a leading global scientific research center and the applied research pillar of Abu Dhabi’s Advanced Technology Research Council (ATRC), today strengthened…

Senin, 29 Mei 2023 - 14:35 WIB
New Energy Electric Vehicles in Gangbei District of Guigang City Enters the ASEAN "Blue Ocean" Market
Recently, Guangxi Guigang Fushuai Electric Vehicle Co., Ltd. and PT. DFU INTERNATIONAL INDONESIA signed the first batch of directional purchase contracts for 20,000 new energy electric vehicles…
News Comment