Open5GS BSF Component Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Open5GS versions prior to 2.7.7. The issue arises in the BSF component, specifically within the 'bsf_sess_add_by_ip_address' function behind the '/nbsf-management/v1/pcfBindings' endpoint. When an invalid IPv4 address is supplied, the function does not reject the malformed value and instead fails while processing the request, crashing the process. The vulnerability can be triggered remotely, causing the BSF process to terminate unexpectedly.

Impact

Exploitation of this vulnerability crashes the BSF process, disrupting the service it provides and resulting in a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a 'POST' request to the '/nbsf-management/v1/pcfBindings' endpoint with an invalid 'ipv4Addr' value. The BSF component will attempt to process the request, but the invalid IP address will cause an assertion failure, leading to a crash. After the BSF process exits, the error logs will indicate the invalid IP string and the assertion failure that caused the crash.
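The bug class described above is missing input validation before an internal assertion. As an added illustration (not code from the advisory or from Open5GS), the following Python model shows the request-side check that lets the endpoint answer a malformed 'ipv4Addr' with HTTP 400 instead of crashing; the field names other than 'ipv4Addr' (ipv6Prefix, macAddr48, dnn, supi), the MAC format, and the status codes are assumptions taken from the general shape of the NBSF PcfBinding object, not from the page.

```python
import ipaddress
import json
import re

# Assumed dash-separated 48-bit MAC format (e.g. 00-11-22-33-44-55).
_MAC48 = re.compile(r"^([0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2}$")


def validate_pcf_binding(body):
    """Return (ok, reason). Every malformed field becomes a rejection, never an assert."""
    if not isinstance(body, dict):
        return False, "body must be a JSON object"
    if "ipv4Addr" in body:
        v = body["ipv4Addr"]
        # Strict dotted-quad parsing: rejects non-strings, out-of-range octets,
        # shorthand forms and IPv6 literals placed in the IPv4 field.
        if not isinstance(v, str):
            return False, "ipv4Addr must be a string"
        try:
            ipaddress.IPv4Address(v)
        except ValueError as exc:  # AddressValueError is a ValueError subclass
            return False, f"invalid ipv4Addr: {exc}"
    if "ipv6Prefix" in body:
        v = body["ipv6Prefix"]
        if not isinstance(v, str):
            return False, "ipv6Prefix must be a string"
        try:
            ipaddress.IPv6Network(v, strict=False)
        except ValueError as exc:
            return False, f"invalid ipv6Prefix: {exc}"
    if "macAddr48" in body:
        v = body["macAddr48"]
        if not (isinstance(v, str) and _MAC48.match(v)):
            return False, "invalid macAddr48"
    for key in ("dnn", "supi"):
        if key in body and not isinstance(body[key], str):
            return False, f"{key} must be a string"
    return True, ""


def handle_pcf_binding_request(raw_body):
    """Front door of POST /nbsf-management/v1/pcfBindings: 400 on bad input, 201 otherwise."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError:
        return 400, {"title": "Bad Request", "detail": "malformed JSON"}
    ok, reason = validate_pcf_binding(body)
    if not ok:
        return 400, {"title": "Bad Request", "detail": reason}
    # Only validated input reaches the point where a real BSF would create the session.
    return 201, {"ipv4Addr": body.get("ipv4Addr"), "dnn": body.get("dnn")}
```

The constructed inputs in the test below include the advisory's trigger (an invalid IPv4 string) alongside well-formed bindings, so the two paths can be compared directly.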

Added: May 1, 2026, 2:18 AM
Updated: May 1, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm

  spread          1.4
  impact          2.5
  exploitability  9.1
  remediation     0.0
  relevance       7.2
  threat          6.4
  urgency         2.9
  incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.