OMEC Project AMF Null Pointer Dereference Vulnerability in RAN Configuration Handler

A null pointer dereference vulnerability has been identified in the OMEC Project AMF control plane function for 5G core networks, specifically in versions through 2.1.3-dev. The issue arises in the NGAP message handling, where a malformed RAN Configuration Update message can be sent to the AMF, leading to a crash. This vulnerability can be exploited remotely, causing a denial-of-service condition by crashing the AMF component.

Impact

Exploitation of this vulnerability leads to a segmentation violation, causing the AMF component to crash. This disrupts the handling of NAS signaling and other critical 5G core network functions managed by the AMF.

Reproduction

The vulnerability can be reproduced by sending a malformed RAN Configuration Update NGAP message to the AMF. This message should be crafted to include invalid data that the AMF's NGAP handler does not properly validate, triggering the null pointer dereference. Once the malformed message is received, the AMF will crash, demonstrating the vulnerability.

Remediation

Upgrading to OMEC Project AMF version 2.2.0 or later addresses this vulnerability. The updated version can be downloaded from the OMEC Project AMF GitHub releases page.