| शीर्षक | Open5GS <=v2.7.5 Denail of Service |
|---|
| विवरण | A denial-of-service (DoS) vulnerability exists in Open5GS AMF (version v2.7.5 and earlier), caused by improper asynchronous state handling during the processing of delayed SBI client responses.
This vulnerability occurs when a UE and gNB repeatedly attach and detach under memory-constrained or unstable network conditions. If a late Nudm-SDM response is received after the RAN UE context has already been deleted, the AMF fails to validate the internal state before accessing it. This leads to a failed assertion (ran_ue_find_by_id returns NULL), causing a fatal crash of the amfd process.
An unauthenticated remote attacker can exploit this flaw by programmatically triggering frequent UE registrations and deregistrations, possibly accompanied by simulated gNB removal. In practical scenarios, this can cause AMF to crash within 1–10 minutes of repeated activity, leading to a persistent denial of access to the 5G core network.
Although the vulnerability does not impact confidentiality or integrity, it severely affects both general availability and the availability of critical security functions such as mobility management and authentication.
CVSS v4.0 Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Severity: HIGH |
|---|
| स्रोत | ⚠️ https://github.com/open5gs/open5gs/issues/3979 |
|---|
| उपयोगकर्ता | lixxxiang (UID 88572) |
|---|
| सबमिशन | 31/07/2025 07:39 AM (9 महीनों पहले) |
|---|
| संयम | 09/08/2025 07:44 AM (9 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 319327 [Open5GS तक 2.7.5 AMF src/amf/npcf-build.c सेवा अस्वीकार] |
|---|
| अंक | 20 |
|---|