Open5GS NRF Denial-of-Service Vulnerability via Assertion Failure

A denial-of-service vulnerability has been identified in Open5GS versions through 2.7.6. The issue arises in the Network Repository Function (NRF) component, specifically within the 'ogs_sbi_nf_instance_set_id' function in the 'lib/sbi/context.c' file. The vulnerability can be exploited remotely by sending a 'PUT' request to the '/nnrf-nfm/v1/nf-instances' endpoint without including the required 'nfInstanceId' path component. This omission causes the NRF to crash, as the function asserts that the ID pointer is non-null, leading to an assertion failure and process termination.

Impact

Exploitation of this vulnerability causes the NRF process to crash, disrupting service and potentially causing a temporary loss of functionality.

Reproduction

To reproduce this vulnerability, send a 'PUT' request to the '/nnrf-nfm/v1/nf-instances' endpoint without including the 'nfInstanceId' path component. The NRF will crash, exiting with an assertion failure error. This can be verified by checking the Docker container logs, which will show the 'Assertion `id' failed' message, indicating that the process terminated due to the missing ID.