Submit #610601: Open5GS <=2.7.3 Reachable Assertioninfo

TitleOpen5GS <=2.7.3 Reachable Assertion
DescriptionIn Open5GS AMF versions ≤ v2.7.3, SCTP partial messages missing the MSG_EOR flag can cause the AMF to trigger a fatal assertion (ogs_assert_if_reached) and crash due to improper handling of intermediate fragments. The system expects each fragment to be followed by the MSG_EOR flag to indicate the end of the message. If missing, the AMF incorrectly treats the message as incomplete, leading to assertion failure and denial of service. This issue arises from an assumption that all non-MSG_EOR fragments are errors, which is not true in normal SCTP fragmentation scenarios.
Source⚠️ https://github.com/open5gs/open5gs/issues/3878 / https://github.com/matejGradisar/open5gs/commit/00096786dabe470732ab374e6cf2030c0e111037
User
 SQ0409 (UID 85579)
Submission07/07/2025 16:47 (11 months ago)
Moderation07/11/2025 14:53 (4 days later)
StatusAccepted
VulDB entry316135 [Open5GS up to 2.7.3 SCTP Partial Message ngap_recv_handler/s1ap_recv_handler/recv_handler assertion]
Points20

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!