CVE-2024-34235

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4

Description: The issue allows an attacker to send a malformed ASN.1 packet over the S1AP interface, triggering an assertion that can cause the MME to crash repeatedly, resulting in denial of service. This can be achieved by sending an Initial UE Message without the required NAS PDU field.

Recommendations: For versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the S1AP interface to minimize the risk of exploitation. Avoid processing Initial UE Message packets missing the NAS PDU field until the issue is resolved.