Executive Summary

This vulnerability exists in the Open5GS software, specifically in the BSF (Binding Support Function) component. It occurs when the function bsf_sess_add_by_ip_address processes an invalid IPv4 address argument (ipv4Addr) in a POST request to the /nbsf-management/v1/pcfBindings endpoint.

The problem arises because the BSF tries to create a new session using the invalid IPv4 address. When the function ogs_ipv4_from_string() fails to parse this invalid address, an assertion fails (ogs_assert(sess)), causing the BSF process to crash and exit unexpectedly.

Instead of handling the invalid input gracefully by returning an HTTP error, the BSF crashes, leading to a denial of service condition.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to a denial of service (DoS) on systems running the affected Open5GS BSF component. An attacker can remotely send a specially crafted request with an invalid IPv4 address to cause the BSF to crash.

When the BSF crashes, it becomes unresponsive, potentially disrupting the 5G core network services that rely on it. This can affect network availability and reliability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for crashes or unexpected exits of the BSF (Binding Support Function) component in Open5GS, especially when it processes POST requests to the endpoint /nbsf-management/v1/pcfBindings.

Specifically, sending a POST request with an invalid ipv4Addr string to this endpoint can trigger the vulnerability, causing the BSF to crash with exit code 139.

To detect this on your system, you can use commands to monitor the BSF process status and logs for crashes or abnormal terminations.

• Use system process monitoring commands such as: `ps aux | grep bsf` to check if the BSF process is running.
• Check system logs or Open5GS logs for crash messages or exit codes, for example: `journalctl -u open5gs-bsf` or `tail -f /var/log/open5gs/bsf.log`.
• Simulate the attack by sending a crafted POST request with an invalid ipv4Addr to the vulnerable endpoint using curl: `curl -X POST http://<open5gs-ip>:<port>/nbsf-management/v1/pcfBindings -d '{"ipv4Addr":"invalid_ip"}' -H 'Content-Type: application/json'` and observe if the BSF crashes.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include monitoring and restricting access to the vulnerable BSF endpoint to prevent malicious POST requests with invalid ipv4Addr values.

Since the vulnerability causes a denial of service by crashing the BSF, it is important to implement network-level protections such as firewall rules or API gateway filters to block malformed or suspicious requests targeting /nbsf-management/v1/pcfBindings.

Additionally, keep the Open5GS software updated and monitor the official repository or issue tracker for patches or fixes addressing this vulnerability.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability causes a denial of service by crashing the BSF component of Open5GS when processing invalid IPv4 addresses. While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, denial of service incidents can impact the availability of services, which is a key aspect of many regulatory requirements.

Specifically, regulations like GDPR and HIPAA require organizations to ensure the availability and resilience of their systems to protect personal and sensitive data. A denial of service vulnerability could lead to service outages, potentially affecting compliance with these availability requirements.

However, there is no direct information in the provided context or resources linking this vulnerability to specific compliance violations or data breaches.

Useful 0 Not Useful 0