Acetcom

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.1 **Description** The issue is related to a reachable assertion that can cause an AMF crash via NAS messages from a UE. This occurs in the `gmm state authentication` function in `amf/gmm-sm.c` when the condition `!= OGS ERROR` is met. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the handling of NAS messages from UEs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open5GS versions prior to 2.7.1 **Description** The issue is related to a reachable assertion that can cause an AMF crash via NAS messages from a UE. This occurs due to improper handling of the `pkbuf->len` variable in the `ogs nas encrypt` function located in `lib/nas/common/security.c`. **Recommendations** For versions prior to 2.7.1, upgrade to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the handling of NAS messages from UEs to minimize the risk of exploitation. Audit the code for similar issues related to improper length handling to prevent future vulnerabilities.