A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be used. It is advisable to implement a patch to correct this issue.
Weakness
The product does not release or incorrectly releases a resource before it is made available for re-use.
Potential Mitigations
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/125.html
- https://cwe.mitre.org/data/definitions/130.html
- https://cwe.mitre.org/data/definitions/131.html
- https://cwe.mitre.org/data/definitions/494.html
- https://cwe.mitre.org/data/definitions/495.html
- https://cwe.mitre.org/data/definitions/496.html
- https://cwe.mitre.org/data/definitions/666.html
References
- https://github.com/open5gs/open5gs/
- https://github.com/open5gs/open5gs/issues/4469
- https://github.com/open5gs/open5gs/issues/4469#issuecomment-4389805398
- https://github.com/open5gs/open5gs/pull/4527
- https://vuldb.com/submit/818583
- https://vuldb.com/vuln/367293
- https://vuldb.com/vuln/367293/cti
- https://github.com/open5gs/open5gs/issues/4469#issuecomment-4389805398
- https://github.com/open5gs/open5gs/pull/4527
- https://vuldb.com/submit/818583