Open5GS Denial-of-Service Vulnerability in UDM Component AMF Registration Update Handling

Vulnerability

A denial-of-service vulnerability has been identified in Open5GS versions prior to 2.7.7. The issue is in the User Data Management (UDM) component, specifically in the function that handles 3GPP access registration updates. When a request arrives with the purge flag set to true but no corresponding AMF registration state exists, the UDM process crashes. The vulnerability can be exploited remotely, terminating the process and potentially disrupting service.

Impact

Exploitation of this vulnerability crashes the UDM process, potentially disrupting services that rely on UDM functionality.

Reproduction

To reproduce this vulnerability, send a PATCH request to the UDM endpoint for AMF 3GPP access registrations with the purge flag set to true. If no AMF registration object exists for the specified user, the UDM process hits an assertion failure and aborts.
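The failure mode described above, shown as an added sketch that is not Open5GS code: a handler that asserts on peer-controlled state next to one that rejects the request instead. All type and function names are hypothetical, and the 404 returned for a missing registration is an assumption of this example.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins; these are not Open5GS types or functions. */
struct amf_registration { bool purge_flag; };
struct ue_context {
    struct amf_registration *amf_3gpp_access; /* NULL until an AMF has registered */
};
struct patch_request { bool has_purge_flag, purge_flag; }; /* parsed PATCH body */

enum { HTTP_NO_CONTENT = 204, HTTP_BAD_REQUEST = 400, HTTP_NOT_FOUND = 404 };

/* Fragile pattern: state that a remote peer controls is treated as an invariant.
 * With no stored registration, assert() calls abort() and the process dies. */
int patch_fragile(struct ue_context *ue, const struct patch_request *req)
{
    assert(ue->amf_3gpp_access != NULL);
    ue->amf_3gpp_access->purge_flag = req->purge_flag;
    return HTTP_NO_CONTENT;
}

/* Hardened pattern: every peer-reachable condition maps to an HTTP status.
 * 404 for "no registration" is an assumption of this sketch. */
int patch_hardened(struct ue_context *ue, const struct patch_request *req)
{
    if (ue == NULL || req == NULL || !req->has_purge_flag)
        return HTTP_BAD_REQUEST;
    if (ue->amf_3gpp_access == NULL)
        return HTTP_NOT_FOUND;          /* reject the request, keep serving */
    ue->amf_3gpp_access->purge_flag = req->purge_flag;
    return HTTP_NO_CONTENT;
}

int main(void)
{
    struct ue_context unregistered = { NULL };       /* constructed sample state */
    struct patch_request purge = { true, true };     /* constructed sample request */
    printf("hardened, no registration: %d\n", patch_hardened(&unregistered, &purge));
    /* patch_fragile(&unregistered, &purge) would abort here. */
    return 0;
}
```

Assertions are appropriate for conditions that only a programming error can violate; anything a network peer can trigger belongs on an error-return path.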

Added: May 4, 2026, 11:17 PM
Updated: May 4, 2026, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 7.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.