CVE-2023-37013

Name of the Vulnerable Software and Affected Versions Open5GS MME versions prior to 2.6.4

Description The issue concerns an assertion in Open5GS MME that can be remotely triggered via a sufficiently large ASN.1 packet sent over the S1AP interface. An attacker can repeatedly send such oversized packets to cause the ogs sctp recvmsg routine to reach an unexpected network state, leading to a denial of service.

Recommendations For versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the S1AP interface to minimize the risk of exploitation. Avoid using the ogs sctp recvmsg routine until the issue is resolved.