CVE-2023-37022

Name of the Vulnerable Software and Affected Versions Open5GS MME versions <= 2.6.4

Description The issue is related to a reachable assertion in the UE Context Release Request packet handler. A packet containing an invalid MME UE S1AP ID field causes Open5GS to crash. An attacker may repeatedly send such packets to cause denial of service.

Recommendations For Open5GS MME versions <= 2.6.4, consider updating to a version greater than 2.6.4 to resolve the issue. As a temporary workaround, restrict access to the UE Context Release Request packet handler to minimize the risk of exploitation. Avoid sending packets with invalid MME UE S1AP ID fields to prevent denial of service.