Open5GS AMF Component Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the AMF component of Open5GS, affecting versions through 2.7.6. The flaw is in the 'gmm-handler.c' file, where an unspecified function improperly handles the 'reg_type' argument. When the AMF receives a Registration Request with an invalid GUTI, this mishandling can crash the process, so the denial-of-service attack can be carried out remotely.

Impact

Exploitation of this vulnerability causes the AMF process to crash, disrupting service and potentially leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending an InitialUEMessage NGAP message that includes a RegistrationRequest with a non-zero, invalid GUTI as the 5GSID. This will trigger a crash in the AMF component.

Remediation

Users can upgrade to Open5GS version 2.7.7 to address this vulnerability.

Added: May 2, 2026, 3:18 AM
Updated: May 2, 2026, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 7.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.