Submit #727616: Open5GS SGWC v2.7.6 Denial of Serviceinfo

TitleOpen5GS SGWC v2.7.6 Denial of Service
DescriptionOpen5GS SGW-C crashes on a malformed GTPv2-C Create Session Request where the Bearer Contexts To Be Created includes an S1-U eNB F-TEID whose flags byte is zero (no IPv4/IPv6). The handler sgwc_s11_handle_create_session_request calls ogs_gtp2_f_teid_to_ip and asserts on OGS_OK, leading to process abort: Assert location: src/sgwc/s11-handler.c:346 Fatal log example: Assertion 'OGS_OK == ogs_gtp2_f_teid_to_ip(enb_s1u_teid, &dl_tunnel->remote_ip)' failed.
Source⚠️ https://github.com/open5gs/open5gs/issues/4203
User
 ZiyuLin (UID 93568)
Submission12/31/2025 04:01 (3 months ago)
Moderation01/01/2026 11:51 (1 day later)
StatusAccepted
VulDB entry339339 [Open5GS up to 2.7.6 GTPv2-C F-TEID src/sgwc/s11-handler.c sgwc_s11_handle_create_session_request denial of service]
Points20

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!