CVE-2023-37008

Name of the Vulnerable Software and Affected Versions Open5GS MME versions <= 2.6.4

Description The issue is caused by a buffer overflow in the ASN.1 deserialization function of the S1AP handler, leading to type confusion in decoded fields. This results in invalid parsing and freeing of memory, which can cause an MME to crash or potentially allow code execution in certain circumstances.

Recommendations For Open5GS MME versions <= 2.6.4, update to a version greater than 2.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the S1AP handler to minimize the risk of exploitation.