| Title | Open5GS UDP malformed packet Denial of Service |
|---|
| Description | Open5GS (versions 2.4.10 and earlier) is vulnerable to a Denial of Service attack through a malformed UDP packet. Packets are improperly validated in functions within lib/core/ogs-tlv-msg.c and lib/core/ogs-tlv.c.
Both 5G and EPC (4G) use two signalling protocols: GTP (GPRS Tunnelling Protocol) and PFCP (Packet Forwarding Control Protocol). The former runs over 2123/UDP (GTP-C) and 2152/UDP (GTP-U), whereas the latter runs over 8805/UDP. There are four core components which listen to incoming UDP connections on those ports: SGW-C, SGW-U, SMF and UPF.
A UDP malformed packet sent to one of those sockets triggers the crash of the target component (either SGW-C, SGW-U, SMF or UPF). Since they are key components within 5G/EPC core networks, this attack could deny the service of the whole architecture.
The issue has already been reported and corrected (pull request merge is pending): https://github.com/open5gs/open5gs/issues/1767
Researcher: Pablo Valle Alvear
Alias: Popvlvs
Company: Titanium Industrial Security
|
|---|
| Source | ⚠️ https://github.com/open5gs/open5gs/issues/1767 |
|---|
| User | popvlvs (UID 32693) |
|---|
| Submission | 28/09/2022 11:44 AM (4 years ago) |
|---|
| Moderation | 28/09/2022 03:08 PM (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 209686 [Open5GS up to 2.4.10 UDP Packet lib/core/ogs-tlv-msg.c denial of service] |
|---|
| Points | 20 |
|---|