Primary

Context

Open5GS 5G NAS Reachable Assertion Vulnerability in oai_nas_5gmm_decode Function Allowing Denial-of-Service

Vulnerability

A reachable assertion vulnerability has been identified in the Open5GS 5G core network component, specifically in versions through 2.6.4. The issue arises in the oai_nas_5gmm_decode function, where a crafted NAS packet can trigger an assertion failure. This vulnerability allows attackers to cause a denial-of-service condition by disrupting normal service operations.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the Open5GS server to crash and disrupt cellular communications.

Reproduction

To reproduce this vulnerability, send a malformed NAS 5GMM packet with a zero-length payload to the Open5GS AMF component. This can be done over the N2 interface, which is accessible to remote attackers.

Remediation

Users can upgrade to Open5GS version 2.7.0 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Open5GS 5G NAS Reachable Assertion Vulnerability in oai_nas_5gmm_decode Function Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Open5GS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating