| 标题 | Open5GS SGWC v2.7.6 Denial of Service |
|---|
| 描述 | Open5GS SGW-C crashes on a malformed GTPv2-C Create Session Request where the Bearer Contexts To Be Created includes an S1-U eNB F-TEID whose flags byte is zero (no IPv4/IPv6). The handler sgwc_s11_handle_create_session_request calls ogs_gtp2_f_teid_to_ip and asserts on OGS_OK, leading to process abort:
Assert location: src/sgwc/s11-handler.c:346
Fatal log example: Assertion 'OGS_OK == ogs_gtp2_f_teid_to_ip(enb_s1u_teid, &dl_tunnel->remote_ip)' failed. |
|---|
| 来源 | ⚠️ https://github.com/open5gs/open5gs/issues/4203 |
|---|
| 用户 | ZiyuLin (UID 93568) |
|---|
| 提交 | 2025-12-31 04時01分 (3 月前) |
|---|
| 管理 | 2026-01-01 11時51分 (1 day later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 339339 [Open5GS 直到 2.7.6 GTPv2-C F-TEID src/sgwc/s11-handler.c sgwc_s11_handle_create_session_request 拒绝服务] |
|---|
| 积分 | 20 |
|---|