Submeter #808445: Open5gs PCF v2.7.7 Denial of Serviceinformação

TítuloOpen5gs PCF v2.7.7 Denial of Service
Descrição### Open5GS Release, Revision, or Tag v2.7.7 ### Steps to reproduce ### Description This merged report covers the two confirmed `Npcf_PolicyAuthorization` reachability variants that hit the same crash site: ```c from_str = strstr(&rx_flow->description[strlen("permit in")], "from"); ogs_assert(from_str); ``` at `../lib/proto/types.c:938`. The shared payload shape is the same in both cases: ```text fDescs = ["permit in"] ``` Confirmed reachability variants: 1. `POST /npcf-policyauthorization/v1/app-sessions` 2. `PATCH /npcf-policyauthorization/v1/app-sessions/{appSessionId}` The immediate callers differ, but the crash site and malformed flow-description root cause are identical. ### Root cause - Shared crash site: `../lib/proto/types.c:938` - Root cause family: parser/business-logic mismatch - Create-path caller: `ogs_pcc_rule_install_flow_from_media()` - Update-path caller: `ogs_pcc_rule_num_of_flow_equal_to_media()` - Controlling field: `ascReqData.medComponents[*].medSubComps[*].fDescs[*]` ### Logs ```shell ### Create Reproduction Create an app session with: {"ascReqData":{"medComponents":{"1":{"medSubComps":{"1":{"fDescs":["permit in"]}}}}}} Observed in the confirmed run: 04/11 17:57:24.739: [core] FATAL: flow_rx_to_gx: Assertion `from_str' failed. (../lib/proto/types.c:938) ### Update Reproduction Patch an existing app session with the same malformed flow description: {"ascReqData":{"medComponents":{"1":{"medSubComps":{"1":{"fDescs":["permit in"]}}}}}} Observed in the confirmed run: 04/11 17:58:54.874: [core] FATAL: flow_rx_to_gx: Assertion `from_str' failed. (../lib/proto/types.c:938) ``` ### Expected behaviour PCF should reject malformed `permit in` AF flow descriptions with a normal client error on both create and update routes. ### Observed Behaviour Both create and update reachability variants hit the same `flow_rx_to_gx()` assertion and restart the PCF process. ### eNodeB/gNodeB Not required. ### UE Models and versions Not required.
Fonte⚠️ https://github.com/open5gs/open5gs/issues/4441
Utilizador
 LinZiyu (UID 94035)
Submissão20/04/2026 20h38 (há 1 mês)
Moderação09/05/2026 09h35 (19 days later)
EstadoAceite
Entrada VulDB362443 [Open5GS até 2.7.7 /lib/proto/types.c ogs_pcc_rule_install_flow_from_media Negação de Serviço]
Pontos20

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!