A recently disclosed vulnerability, CVE-2022-43222, in Open5GS v2.4.11 exposes the system to a potential Denial of Service (DoS) attack through a memory leak in one component of the software. Open5GS is an open-source implementation of the 5G core network functions, so a weakness of this kind can pose significant risk for network operators and their subscribers. This long-read post walks through the technical aspects of the vulnerability: the affected code, the original references, the exploitation picture, and the available mitigations.

Vulnerability Details

The CVE-2022-43222 vulnerability lives in the src/smf/pfcp-path.c component of Open5GS. The issue is a memory leak in this component: an attacker can send a specially crafted Packet Forwarding Control Protocol (PFCP) packet that triggers the leak, and repeated triggering can ultimately exhaust memory and cause a DoS of the affected system.

The memory leak appears in the following code snippet from the src/smf/pfcp-path.c file:

/* Sends the request PDU held by the transaction to every remote PFCP node. */
void pfcp_send_request_to_all_user_planes(pfcp_xact_t *xact)
{
    ogs_list_t *list = NULL;
    ogs_pfcp_node_t *node = NULL;

    /* Walk the list of known remote user-plane nodes. */
    list = ogs_pfcp_self()->remote_list;
    ogs_list_for_each(list, node) {
        ogs_assert(node->sock);
        /* The same xact->pdu is handed to the transport for each node;
         * nothing in this function releases it afterwards. */
        ogs_pfcp_send_pdu(node->sock, node->addr, xact->pdu);
    }
}

The issue is that xact->pdu is not released once the request has been sent to every remote node, so each request leaves its PDU allocated. An attacker who can reach the PFCP interface can repeat this with malicious PFCP packets, causing resource exhaustion on the targeted system and eventually a DoS as it runs out of memory.
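To make the leak concrete, here is an added illustration in C that is not Open5GS code: a minimal model of the "send one PDU to every user plane" fan-out, with the leaking shape next to the ownership-respecting shape, and a driver that counts how many PDUs remain allocated after a burst of requests. All names (pdu_t, xact_t, fanout_leaky, fanout_fixed, simulate) are hypothetical.

```c
/* Added illustration, not Open5GS code: a minimal model of the "send one
 * PDU to every user plane" fan-out, showing how a PDU nobody releases
 * accumulates once per request, and the ownership rule that stops it.
 * Every name here is hypothetical. */
#include <stdlib.h>
#include <string.h>
static int live_pdus;                         /* PDUs still allocated */
typedef struct { unsigned char buf[64]; size_t len; } pdu_t;
typedef struct { pdu_t *pdu; } xact_t;        /* transaction owns pdu */

static pdu_t *pdu_alloc(const unsigned char *data, size_t len)
{
    pdu_t *p = malloc(sizeof *p);
    if (!p || len > sizeof p->buf) { free(p); return NULL; }
    memcpy(p->buf, data, len);
    p->len = len;
    live_pdus++;
    return p;
}
static void pdu_free(pdu_t *p) { if (p) { free(p); live_pdus--; } }
/* Stand-in transport: copies the bytes out and takes no ownership. */
static void send_pdu(int node, const pdu_t *p) { (void)node; (void)p; }

/* Vulnerable shape: every node gets the PDU, then the reference is
 * dropped and the allocation stays live for the rest of the process. */
static void fanout_leaky(xact_t *x, int n_nodes)
{
    for (int i = 0; i < n_nodes; i++) send_pdu(i, x->pdu);
    x->pdu = NULL;
}

/* Fixed shape: the owner releases the PDU after the last send. */
static void fanout_fixed(xact_t *x, int n_nodes)
{
    for (int i = 0; i < n_nodes; i++) send_pdu(i, x->pdu);
    pdu_free(x->pdu);
    x->pdu = NULL;
}

/* Push `count` requests through one path and return how many PDUs are
 * still allocated afterwards (0 means no leak). */
int simulate(int count, int n_nodes, int fixed)
{
    static const unsigned char msg[] = "constructed PFCP-like payload";
    live_pdus = 0;
    for (int i = 0; i < count; i++) {
        xact_t x = { pdu_alloc(msg, sizeof msg) };
        if (!x.pdu) return -1;
        if (fixed) fanout_fixed(&x, n_nodes); else fanout_leaky(&x, n_nodes);
    }
    return live_pdus;
}
```

The leaking path grows by exactly one PDU per request regardless of how many user planes it fans out to, which is why the steady-state memory of the SMF process is the signal to watch.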

Exploit Details

To exploit this vulnerability, an attacker would first need to craft a PFCP packet that reaches the vulnerable code path and leaves its PDU unreleased when processed. The attacker would then send such packets to the target repeatedly, and each one would consume memory that is never returned. Over time the cumulative effect of the leak would exhaust the system's resources and result in a DoS, with the system unable to handle new incoming requests.

Mitigation and Recommendations

To remediate this vulnerability, users of Open5GS should upgrade their software to v2.4.12 or later, where the memory leak issue has been addressed. The patched version can be downloaded from the Open5GS GitHub repository at https://github.com/open5gs/open5gs/releases.

Additionally, network operators can implement security measures such as rate limiting and access control policies to help mitigate attacks exploiting the CVE-2022-43222 vulnerability, for example by restricting PFCP traffic to the addresses of known user-plane peers. These measures serve as an extra layer of protection, ensuring that only legitimate PFCP packets reach the 5G core network system.

Original References

For more information on the CVE-2022-43222 vulnerability, a detailed account of the issue can be found in the following resources:

1. Open5GS GitHub Repository (including issue tracking and fix details): https://github.com/open5gs/open5gs/issues/121
2. National Vulnerability Database (NVD) Entry for CVE-2022-43222: https://nvd.nist.gov/vuln/detail/CVE-2022-43222

In conclusion, the CVE-2022-43222 vulnerability in Open5GS v2.4.11 poses a significant risk for network operators relying on this 5G core network software. By staying informed and applying the software update and the recommended mitigation measures, network operators can ensure that their systems are adequately protected against exploitation and the resulting DoS.

Timeline

Published on: 11/01/2022 14:15:00 UTC
Last modified on: 11/02/2022 14:37:00 UTC