Open5GS MME Assertion Failure Vulnerability via Oversized ASN.1 Packets on S1AP Interface

Vulnerability

A vulnerability exists in Open5GS MME versions through 2.6.4, where an assertion can be remotely triggered by sending a sufficiently large ASN.1 packet over the S1AP interface. This oversized packet causes the 'ogs_sctp_recvmsg' routine to enter an unexpected state, leading to a crash and a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a crash of the Open5GS MME, disrupting all cellular communications managed by the MME, including phone calls, messaging, and data services.

Reproduction

The vulnerability can be reproduced by sending an oversized ASN.1 packet over the S1AP interface to the Open5GS MME. This can be done by an unauthenticated mobile device or, due to Wi-Fi calling services, by any entity on the Internet.

Remediation

Users can upgrade to Open5GS version 2.7.0 or later, where this vulnerability has been fixed.
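The page does not show the Open5GS source, so the following is an added example, not Open5GS code, of the defensive pattern for the failure class described above: a message-oriented receive routine that reports an oversized peer message as a recoverable error instead of asserting on it. The names `recv_pdu`, `demo` and `MAX_PDU`, and the local `AF_UNIX`/`SOCK_SEQPACKET` socket pair standing in for an SCTP association, are assumptions made for the illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_PDU 2048 /* hypothetical receive-buffer size, not an Open5GS value */

/* Receive one message. Returns its length, or -1 with errno = EMSGSIZE when
 * the peer's message did not fit in buf. Message size is peer-controlled, so
 * it is handled as an error path, never as an assert()ed invariant. */
ssize_t recv_pdu(int fd, unsigned char *buf, size_t cap)
{
    struct iovec iov = { .iov_base = buf, .iov_len = cap };
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;                 /* errno already set by recvmsg */
    if (msg.msg_flags & MSG_TRUNC) {
        errno = EMSGSIZE;          /* oversized: caller drops it and keeps running */
        return -1;
    }
    return n;
}

/* Constructed check: pass len bytes through a local socket pair.
 * Returns 1 = accepted, 0 = rejected as oversized, -1 = setup failure. */
int demo(size_t len)
{
    static unsigned char out[4 * MAX_PDU], in[MAX_PDU];
    int sv[2], result = -1;
    if (len > sizeof out || socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) != 0)
        return -1;
    memset(out, 0x30, len);        /* constructed filler bytes */
    if (send(sv[0], out, len, 0) == (ssize_t)len) {
        ssize_t n = recv_pdu(sv[1], in, sizeof in);
        if (n == (ssize_t)len)
            result = 1;
        else if (n < 0 && errno == EMSGSIZE)
            result = 0;
    }
    close(sv[0]);
    close(sv[1]);
    return result;
}
```

A caller that gets `EMSGSIZE` can log the event and drop the message or the association, so one malformed peer does not take down service for everyone else.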

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.