Open5GS NSSF Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Open5GS versions through 2.7.7, specifically within the NSSF component. The issue arises in the function 'ogs_sbi_parse_plmn_list' located in the library '/lib/sbi/conv.c'. The vulnerability can be exploited remotely, causing the NSSF process to crash. This occurs when the 'target-plmn-list' parameter contains invalid JSON, leading to a failed assertion and an abrupt termination of the service.

Impact

Exploitation of this vulnerability causes the NSSF process to crash, disrupting service and potentially leading to a denial of functionality for dependent processes or services.

Reproduction

The vulnerability can be reproduced by sending a GET request to the '/nnssf-nsselection/v2/network-slice-information' endpoint with a malformed 'target-plmn-list' parameter that includes invalid JSON. This can be done using a tool like curl, after obtaining the NSSF service's IP address.