| عنوان | Open5GS <=v2.7.5 Denail of Service |
|---|
| الوصف | A denial-of-service (DoS) vulnerability exists in Open5GS AMF (version v2.7.5 and earlier), caused by improper asynchronous state handling during the processing of delayed SBI client responses.
This vulnerability occurs when a UE and gNB repeatedly attach and detach under memory-constrained or unstable network conditions. If a late Nudm-SDM response is received after the RAN UE context has already been deleted, the AMF fails to validate the internal state before accessing it. This leads to a failed assertion (ran_ue_find_by_id returns NULL), causing a fatal crash of the amfd process.
An unauthenticated remote attacker can exploit this flaw by programmatically triggering frequent UE registrations and deregistrations, possibly accompanied by simulated gNB removal. In practical scenarios, this can cause AMF to crash within 1–10 minutes of repeated activity, leading to a persistent denial of access to the 5G core network.
Although the vulnerability does not impact confidentiality or integrity, it severely affects both general availability and the availability of critical security functions such as mobility management and authentication.
CVSS v4.0 Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Severity: HIGH |
|---|
| المصدر | ⚠️ https://github.com/open5gs/open5gs/issues/3979 |
|---|
| المستخدم | lixxxiang (UID 88572) |
|---|
| ارسال | 31/07/2025 07:39 AM (9 أشهر منذ) |
|---|
| الاعتدال | 09/08/2025 07:44 AM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 319327 [Open5GS حتى 2.7.5 AMF src/amf/npcf-build.c الحرمان من الخدمة] |
|---|
| النقاط | 20 |
|---|