CVE-2023-36998

Name of the Vulnerable Software and Affected Versions NextEPC MME version 1.0.1 and earlier

Description The issue concerns a stack-based buffer overflow vulnerability in the Emergency Number List decoding method. An attacker can exploit this by sending a NAS message with an oversized Emergency Number List value to the MME, allowing them to overwrite the stack with arbitrary bytes. This can be done without authenticating with the LTE core, provided the attacker has a connection to any base station managed by the MME.

Recommendations For NextEPC MME version 1.0.1 and earlier, update to a version that includes the fix committed in a8492c9c5bc0a66c6999cb5a263545b32a4109df to resolve the issue. As a temporary workaround, consider restricting access to the NAS message handling functionality to minimize the risk of exploitation.