CVE-2023-37019

Name of the Vulnerable Software and Affected Versions Open5GS MME versions prior to 2.6.4

Description The issue allows an attacker to send a malformed ASN.1 packet over the S1AP interface, triggering an assertion that can cause the MME to crash repeatedly, resulting in denial of service. This can be achieved by sending an S1Setup Request message without the required Supported TAs field.

Recommendations For versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the S1AP interface to minimize the risk of exploitation. Avoid using the S1Setup Request message without the Supported TAs field until the issue is resolved.