OpenAirInterface CN5G AMF Stack Overflow Vulnerability in SCTP Receiver Thread Component Allowing Denial-of-Service

Vulnerability

A stack overflow vulnerability has been identified in the 'sctp_server::sctp_receiver_thread' component of OpenAirInterface CN5G AMF, in versions through 2.0.0. This vulnerability allows attackers to cause a denial-of-service (DoS) by repeatedly establishing SCTP connections with the N2 interface. The issue arises from missing bounds checks on file descriptors, which can lead to a buffer overflow when more than 1024 descriptors are open.
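The missing bounds check described above, sketched as an added example (not OpenAirInterface code and not part of the original advisory). It assumes the receiver thread tracks its sockets in a select()-style fd_set, whose capacity FD_SETSIZE is 1024 on Linux/glibc; the helper names and the sample descriptor numbers are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* 1 if fd can be stored in an fd_set without writing out of bounds. */
static int fd_fits_fdset(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Hypothetical helper: fill `set` from `fds`, skipping descriptors that
 * do not fit. Stores the highest accepted fd in *maxfd (-1 if none) and
 * returns how many descriptors were rejected, so the caller can close
 * them instead of passing them to FD_SET. */
static size_t build_read_set(const int *fds, size_t n, fd_set *set, int *maxfd)
{
    size_t rejected = 0;

    FD_ZERO(set);
    *maxfd = -1;
    for (size_t i = 0; i < n; i++) {
        if (!fd_fits_fdset(fds[i])) {
            /* An unchecked FD_SET(fds[i], set) here would write outside
             * the fd_set, which normally lives on the thread's stack. */
            rejected++;
            continue;
        }
        FD_SET(fds[i], set);
        if (fds[i] > *maxfd)
            *maxfd = fds[i];
    }
    return rejected;
}

/* Constructed sample: descriptor numbers only, no sockets are opened. */
static size_t demo_rejected(int *maxfd_out)
{
    const int sample[] = { 3, 7, 1023, 1024, 1500, -1 };
    fd_set rs;
    return build_read_set(sample, sizeof sample / sizeof sample[0], &rs, maxfd_out);
}

int main(void)
{
    int maxfd;
    size_t rejected = demo_rejected(&maxfd);
    printf("rejected=%zu maxfd=%d\n", rejected, maxfd);
    return 0;
}
```

With select(), a rejected descriptor should be closed at accept time rather than kept open; poll() or epoll avoid the FD_SETSIZE ceiling altogether.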

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by establishing more than 1024 SCTP connections to the server's N2 interface. This can be done by automating the process of opening connections, such as with a script or tool that supports SCTP, and maintaining the connections until the server crashes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 8.8
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.