Open5GS is a popular open-source implementation of the 3GPP 5G core network (it also ships a 4G EPC). It is widely used in research, industry, and educational institutions for developing and deploying private and test 5G networks. A vulnerability in Open5GS v2.4.11 has been assigned the identifier CVE-2022-43223. It is a memory leak in the ngap-handler.c component of the AMF (the network function that terminates the N2/NGAP interface toward gNBs), and it can be used by an attacker to cause a Denial of Service (DoS).

Vulnerability Details

Researchers discovered a memory leak in the ngap-handler.c component of Open5GS v2.4.11. An attacker who can reach the AMF over NGAP (that is, who controls a gNB or can impersonate one on the N2 interface) triggers it with a crafted UE (User Equipment) attachment: each crafted attach message that reaches the vulnerable handler allocates heap memory that is never released. Repeating the attach many times exhausts the AMF's memory, degrading and eventually crashing the process, which takes every gNB and UE served by that AMF off the network.

The affected code in ngap-handler.c, as excerpted in the report (elided lines are marked with ...):

void ngap_handle_initial_ue_message(amf_gnb_t *gnb,
        NGAP_NGAP_PDU_t *pdu)
{
    ...
    if (ies_message->presencemask & NGAP_NGAP_PDU_Present_initiatingMessage) {
        ...
                OpenAPI_s_nssai_t *s_NSSAI = calloc(1, sizeof(OpenAPI_s_nssai_t));
                if (!s_NSSAI) {
                    ogs_error("OpenAPI_s_nssai_parseFromJSON() failed");
                    ogs_sbi_message_free(ies_message);
                    return;
                }
                ...
    }
    ...
}

The excerpt shows only the allocation: memory for s_NSSAI is obtained with calloc, and the one visible error branch handles calloc itself failing. On the code paths elided above, s_NSSAI is not freed once the function is done with it, so every crafted attachment that reaches this point leaks one allocation. Because the leak is per message rather than per connection, an attacker does not need to hold many sessions open; a single rogue gNB replaying attach messages is enough to grow the AMF's heap without bound.

Exploiting the vulnerability leads to resource exhaustion of the AMF and potentially crashes it, impacting the availability of the whole 5G network that depends on it. This is particularly harmful because 5G networks carry critical services, including emergency calling, critical infrastructure, and other essential services. Operators should watch for steadily growing resident memory in the AMF process under attach load; an AMF whose memory usage keeps rising without a matching rise in registered UEs is a sign of this kind of leak.
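To make the failure mode concrete, the following is an added example written for this article; it is not Open5GS code and uses invented stand-in types (toy_initial_ue_msg_t, toy_s_nssai_t) rather than the real NGAP structures. It shows the same bug class as described above, a heap object allocated in a message handler and then dropped on an early-return path, beside a hardened version that routes every exit through one cleanup label, and a small flood driver that counts how many allocations stay live after a burst of crafted messages.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a decoded InitialUEMessage (not Open5GS's type). */
typedef struct {
    int has_nssai;   /* UE included a requested S-NSSAI */
    int sst;         /* slice/service type carried in that S-NSSAI */
    int reject;      /* constructed flag: forces the handler's early-return path */
} toy_initial_ue_msg_t;

/* Constructed stand-in for the per-message slice object. */
typedef struct {
    int sst;
} toy_s_nssai_t;

/* Allocation accounting so the leak is observable without valgrind/ASan. */
static long live_allocs = 0;

static void *tracked_calloc(size_t n, size_t sz)
{
    void *p = calloc(n, sz);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) { live_allocs--; free(p); }
}

long toy_live_allocs(void) { return live_allocs; }

/* Vulnerable pattern: the object is allocated, then a later validation
 * failure returns before anything frees it. */
int handle_initial_ue_leaky(const toy_initial_ue_msg_t *msg)
{
    toy_s_nssai_t *s_nssai = NULL;

    if (msg->has_nssai) {
        s_nssai = tracked_calloc(1, sizeof(*s_nssai));
        if (!s_nssai) return -1;
        s_nssai->sst = msg->sst;
    }

    if (msg->reject)
        return -2;            /* BUG: s_nssai is leaked on this path */

    tracked_free(s_nssai);    /* only the happy path releases it */
    return 0;
}

/* Hardened form: a single exit that owns cleanup, so no return path can
 * forget the free, including ones added later. */
int handle_initial_ue_fixed(const toy_initial_ue_msg_t *msg)
{
    int rv = 0;
    toy_s_nssai_t *s_nssai = NULL;

    if (msg->has_nssai) {
        s_nssai = tracked_calloc(1, sizeof(*s_nssai));
        if (!s_nssai) { rv = -1; goto cleanup; }
        s_nssai->sst = msg->sst;
    }

    if (msg->reject) { rv = -2; goto cleanup; }

cleanup:
    tracked_free(s_nssai);    /* NULL-safe, so every path may reach here */
    return rv;
}

/* Feed n crafted messages (constructed input) to a handler and return how
 * many allocations are still live afterwards: the leak per message. */
long simulate_flood(int (*handler)(const toy_initial_ue_msg_t *), int n)
{
    long before = live_allocs;
    toy_initial_ue_msg_t crafted = { .has_nssai = 1, .sst = 1, .reject = 1 };

    for (int i = 0; i < n; i++)
        handler(&crafted);

    return live_allocs - before;
}

int main(void)
{
    printf("leaky handler: %ld objects leaked after 1000 crafted messages\n",
           simulate_flood(handle_initial_ue_leaky, 1000));
    printf("fixed handler: %ld objects leaked after 1000 crafted messages\n",
           simulate_flood(handle_initial_ue_fixed, 1000));
    return 0;
}
```

The leaky handler leaks exactly one object per crafted message, which is why an attacker needs nothing more than a replay loop; the fixed handler leaks none regardless of which branch rejects the message. Building the same code with -fsanitize=address (or running it under valgrind) reports the leak at exit without the hand-rolled counters.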

Mitigation and References

Open5GS has acknowledged the vulnerability and fixed it in a release after v2.4.11 (v2.4.11 itself is the affected version). Users running v2.4.11 or earlier are strongly advised to upgrade to the latest release as soon as possible. Until the upgrade is done, the N2 interface should be reachable only from trusted gNBs (for example via firewalling or an IPsec/TLS-protected backhaul), and AMF memory usage should be monitored.

For more information about the vulnerability, refer to the following resources:

- Original advisory from the Open5GS project
- CVE-2022-43223 details in the NIST National Vulnerability Database (NVD)

Conclusion

CVE-2022-43223 is a significant vulnerability in Open5GS v2.4.11: a memory leak in the AMF's ngap-handler.c component that an attacker on the N2 interface can exploit with crafted UE attachments to exhaust the AMF's memory and cause a Denial of Service (DoS). To prevent exploitation and protect the 5G network's availability, users of Open5GS v2.4.11 are strongly urged to upgrade to a fixed release and to restrict NGAP access to trusted gNBs in the meantime.

Timeline

Published (NVD): 2022-11-01 14:15 UTC
Last modified (NVD): 2022-11-02 14:37 UTC