Vulnerability Description
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption. CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open5Gs | Open5Gs | < 2.4.13 |
Related Weaknesses (CWE)
References
- https://www.synopsys.com/blogs/software-security/cyrc-advisory-open5gs-gtp-libraThird Party Advisory
- https://www.synopsys.com/blogs/software-security/cyrc-advisory-open5gs-gtp-libraThird Party Advisory
FAQ
What is CVE-2023-23846?
CVE-2023-23846 is a vulnerability with a CVSS score of 7.5 (HIGH). Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol p...
How severe is CVE-2023-23846?
CVE-2023-23846 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23846?
Check the references section above for vendor advisories and patch information. Affected products include: Open5Gs Open5Gs.