Open5GS Denial-of-Service Vulnerability in UDM Component

A denial-of-service vulnerability has been identified in Open5GS versions prior to 2.7.7. The issue arises in the User Data Management (UDM) component, specifically within the 'smf-registrations' endpoint. When a request is sent to this endpoint without the required 'pduSessionId' path segment, the UDM crashes. This occurs because the absence of the session ID prevents the application from properly handling the request, leading to a fatal assertion error. The vulnerability can be exploited remotely, causing the UDM process to exit unexpectedly.

Impact

Exploitation of this vulnerability causes the UDM process to crash, terminating the service and disrupting any active sessions or processes managed by the UDM.

Reproduction

1. Deploy Open5GS version 2.7.7 using Docker and ensure the UDM SBI endpoint is accessible. 2. Initialize a UDM UE context for the test SUPI. 3. Send a 'PUT' request to the 'smf-registrations' endpoint, omitting the 'pduSessionId' segment while including a valid 'SmfRegistration' body. 4. Monitor the UDM container's status and logs to observe the crash.