A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_sbi_xact_add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is the recommended action to fix this issue.
Weakness
The product does not release or incorrectly releases a resource before it is made available for re-use.
Potential Mitigations
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/125.html
- https://cwe.mitre.org/data/definitions/130.html
- https://cwe.mitre.org/data/definitions/131.html
- https://cwe.mitre.org/data/definitions/494.html
- https://cwe.mitre.org/data/definitions/495.html
- https://cwe.mitre.org/data/definitions/496.html
- https://cwe.mitre.org/data/definitions/666.html