CVE-2024-24428 in Open5GS

Summary

by MITRE • 01/22/2025

A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.


Analysis

by VulDB Data Team • 01/22/2025

CVE-2024-24428 is a critical denial-of-service weakness in the Open5GS 5G core network software. The issue lies in the oai_nas_5gmm_decode function, which processes NGAP (Next Generation Application Protocol) packets used for communication between 5G base stations and core network components. When the decoder receives a malformed or crafted NGAP packet, an assertion inside the decoding routine fails and the affected service terminates unexpectedly.

Technically, the flaw stems from insufficient input validation and error handling in the 5G mobility management (5GMM) message decoder. When an attacker sends a specially crafted NGAP packet containing malformed data structures or unexpected parameter values, oai_nas_5gmm_decode does not treat these edge cases as decode errors; instead it reaches an assertion from which the process cannot recover. This is the pattern catalogued as CWE-617 (Reachable Assertion): an assertion that should never fire becomes reachable through attacker-controlled input. The result is a direct loss of availability, as the affected Open5GS components crash and restart repeatedly.

Operationally, the vulnerability poses a significant risk to 5G network availability and service continuity. Operators running Open5GS 2.6.4 or earlier face service disruption if an attacker delivers carefully constructed NGAP packets. The attack can be executed remotely without authentication, which makes it especially dangerous in production environments where network infrastructure components are exposed to external traffic. The impact goes beyond a single interrupted service: downtime can affect every 5G user in the affected network segment and cascade into dependent services and applications that rely on 5G connectivity.

The attack surface aligns with the ATT&CK technique T1499.004 for network denial of service, targeting network infrastructure components through protocol manipulation. Because the flaw lives in the application layer of the 5G stack, it is hard to mitigate at the network perimeter: NGAP is legitimate protocol traffic that must be allowed for the network to operate. The recommended mitigation is an immediate upgrade to Open5GS 2.6.5 or later, where the assertion failure has been addressed through improved input validation and error handling. Administrators should additionally monitor for unusual patterns of NGAP traffic and consider intrusion detection systems that can identify and block malformed NGAP packets before they reach the vulnerable components.
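The CWE-617 pattern described above, and the fix the advisory points to (validate wire-derived values and return an error instead of asserting), as an added illustration that is not Open5GS code and does not reproduce the logic of oai_nas_5gmm_decode. The message layout, struct names and functions (toy_decode_unsafe, toy_decode_safe and the sample helpers) are invented for this example, and the packets are constructed test data:

```c
/* Added example: a reachable assertion (CWE-617) in a toy message decoder,
 * beside a hardened decoder that rejects malformed input with an error code.
 * Hypothetical code, not Open5GS source; the layout and names are invented. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy layout, loosely TLV-shaped like a NAS message:
 *   byte 0     : message type
 *   byte 1     : number of information elements (IEs)
 *   per IE     : type (1 byte), length (1 byte), value (length bytes)       */
#define MSG_MAX_IES 8

typedef struct { uint8_t type; uint8_t len; const uint8_t *value; } toy_ie_t;
typedef struct { uint8_t msg_type; uint8_t num_ies; toy_ie_t ie[MSG_MAX_IES]; } toy_msg_t;

enum { DECODE_OK = 0, DECODE_ERR_TRUNCATED = -1, DECODE_ERR_TOO_MANY_IES = -2 };

/* Vulnerable pattern: length fields taken from the packet are "checked" with
 * assert(). Assertions express program invariants, not trust in input, so a
 * crafted byte reaches the assert and aborts the whole process. Kept only for
 * contrast; never feed it untrusted data. */
void toy_decode_unsafe(toy_msg_t *out, const uint8_t *buf, size_t buflen)
{
    assert(buflen >= 2);                       /* reachable with a 1-byte packet */
    out->msg_type = buf[0];
    out->num_ies = buf[1];
    assert(out->num_ies <= MSG_MAX_IES);       /* reachable via byte 1 */
    size_t pos = 2;
    for (uint8_t i = 0; i < out->num_ies; i++) {
        assert(pos + 2 <= buflen);
        uint8_t len = buf[pos + 1];
        assert(pos + 2 + len <= buflen);       /* reachable via a crafted length */
        out->ie[i].type = buf[pos];
        out->ie[i].len = len;
        out->ie[i].value = buf + pos + 2;
        pos += 2 + (size_t)len;
    }
}

/* Hardened pattern: every wire-derived quantity is bounds-checked and a bad
 * message yields an error code, so the caller can drop and log the packet
 * while the service keeps running. Subtractions are ordered so they cannot
 * underflow (pos never exceeds buflen). */
int toy_decode_safe(toy_msg_t *out, const uint8_t *buf, size_t buflen)
{
    memset(out, 0, sizeof(*out));
    if (buflen < 2)
        return DECODE_ERR_TRUNCATED;
    out->msg_type = buf[0];
    out->num_ies = buf[1];
    if (out->num_ies > MSG_MAX_IES)
        return DECODE_ERR_TOO_MANY_IES;
    size_t pos = 2;
    for (uint8_t i = 0; i < out->num_ies; i++) {
        if (buflen - pos < 2)                  /* IE header must fit */
            return DECODE_ERR_TRUNCATED;
        uint8_t len = buf[pos + 1];
        if (buflen - pos - 2 < len)            /* IE value must fit */
            return DECODE_ERR_TRUNCATED;
        out->ie[i].type = buf[pos];
        out->ie[i].len = len;
        out->ie[i].value = buf + pos + 2;
        pos += 2 + (size_t)len;
    }
    return DECODE_OK;
}

/* Convenience wrapper: decode into a scratch struct and return only the code. */
int toy_decode_rc(const uint8_t *buf, size_t buflen)
{
    toy_msg_t m;
    return toy_decode_safe(&m, buf, buflen);
}

/* Constructed well-formed packet: type 0x41, IE 0x10 (len 2), IE 0x20 (len 1).
 * Returns the sum of IE lengths (3) as a fingerprint of a correct parse. */
int toy_decode_valid_sample(void)
{
    static const uint8_t pkt[] = { 0x41, 0x02, 0x10, 0x02, 0xAA, 0xBB, 0x20, 0x01, 0xCC };
    toy_msg_t m;
    int rc = toy_decode_safe(&m, pkt, sizeof pkt);
    return rc != DECODE_OK ? rc : m.ie[0].len + m.ie[1].len;
}

/* Constructed malformed packet: the IE claims 0xFF value bytes, only 2 follow.
 * The unsafe decoder would abort here; the safe one returns DECODE_ERR_TRUNCATED. */
int toy_decode_crafted_sample(void)
{
    static const uint8_t pkt[] = { 0x41, 0x01, 0x10, 0xFF, 0xAA, 0xBB };
    return toy_decode_rc(pkt, sizeof pkt);
}

int main(void)
{
    printf("valid sample   -> %d\n", toy_decode_valid_sample());
    printf("crafted sample -> %d\n", toy_decode_crafted_sample());
    return 0;
}
```

The point of contrast is where the check lives: both decoders test the same conditions, but the hardened one converts a failed check into a return value the caller can act on, which is what turns a process-killing crash into a dropped packet that a monitoring rule can count.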

Responsible

MITRE

Reservation

01/25/2024

Disclosure

01/22/2025

Moderation

accepted

CPE

ready

EPSS

0.00474

KEV

no

Activities

very low
