OMEC Project AMF Memory Corruption Vulnerability in NGAP Handler

A memory corruption vulnerability has been identified in the OMEC Project AMF (Access and Mobility Management Function) control plane component of the 5G core network, specifically in versions through 2.1.3-dev. The issue arises in the NGSetupRequest function within the ngap/handler.go file. The vulnerability can be exploited remotely by manipulating the InformationElement argument, leading to memory corruption. This flaw has been publicly disclosed and exploited.

Impact

Exploitation of this vulnerability causes a crash in the AMF component, due to a nil pointer dereference, which is a common programming error that can lead to memory corruption.

Reproduction

The vulnerability can be reproduced by sending a malformed NGSetupRequest that lacks valid InformationElements. This can be done by crafting a request that includes the necessary headers but omits or invalidates the InformationElement data. Once the request is received by the AMF, the missing or incorrect information will trigger a panic, causing the application to crash.

Remediation

Users are advised to upgrade to AMF version 2.2.0 or later, as this issue has been fixed in version 2.2.1.