Primary

Context

Open5GS UDR Denial-of-Service Vulnerability via Improper PEI Handling

Vulnerability

A denial-of-service vulnerability has been identified in Open5GS versions through 2.7.7, specifically within the UDR component. The issue arises in the function 'udr_nudr_dr_handle_subscription_context' located in 'nudr-handler.c'. The vulnerability is triggered by manipulating the 'pei' argument, leading to a crash of the UDR process. This issue can be exploited remotely, causing the container to restart automatically after the crash.

Impact

Exploiting this vulnerability causes the UDR process to crash, with the container restarting automatically, disrupting service.

Reproduction

The vulnerability can be reproduced by sending a 'PUT' request to the '/nudr-dr/v1/subscription-data/{supi}/context-data/amf-3gpp-access' endpoint with an invalid 'pei' value that does not conform to the expected format. The UDR logs will show a fatal error indicating an unknown 'pei' type, and the process will crash, causing the container to restart.

Added: May 3, 2026, 11:19 PM

Updated: May 3, 2026, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

6.2

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

6.2

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Open5GS UDR Denial-of-Service Vulnerability via Improper PEI Handling

Vulnerability

Impact

Reproduction

Affected Products

Open5GS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating