Open5GS AMF远程拒绝服务漏洞(CVE待分配)

# 漏洞总结 ## 漏洞概述 - **标题**: [Bug]: Reachable assertion in message.c:build_json allows remote Denial of Service of AMF #4321 - **状态**: Closed - **报告者**: ljungnickel - **报告时间**: Feb 19 - **漏洞类型**: 远程拒绝服务 (Remote Denial of Service) - **漏洞描述**: 当接收到包含非零、不存在 GUTI 作为 SGID 的 AMF UE 的 InitialUEMessage NGAP 消息时，AMF 会崩溃。 ## 影响范围 - **受影响版本**: OpenSGS Release, Revision, or Tag: v2.7.0 - **受影响组件**: AMF (Access and Mobility Management Function) ## 修复方案 - **修复者**: acetcom - **修复时间**: Mar 10 - **修复内容**: - 添加了一个引用此问题的提交。 - 修复了 normalize invalid reg type 和 ignore placeholder 5G-GUTI in con 的问题。 ## 日志信息 ``` 02/18 16:15:45.043: [amf] INFO: InitialUEMessage [../src/amf/context.c:2777] 02/18 16:15:45.043: [amf] INFO: [Ambe] Number of AMF-UEs is now 1 [../src/amf/context.c:1688] 02/18 16:15:45.043: [amf] INFO: RAN UE NGAP ID[20856] AMF UE NGAP ID[1] TAC[1] CellID[0x40001] [../src/amf/ng-handler.c:1593] 02/18 16:15:45.043: [amf] INFO: Unknown UE by SG-5_TMSI[AMF_ID:0x0,AMF_TMSI:0x0] [../src/amf/ng-handler.c:1593] 02/18 16:15:45.043: [amf] INFO: [Ambe] Number of AMF-UEs is now 1 [../src/amf/context.c:1688] 02/18 16:15:45.043: [gmm] INFO: Registration request [../src/amf/gmm/sm.c:1670] 02/18 16:15:45.043: [gmm] INFO: [Unknown ID] SG-5_GUTI[AMF_ID:0x0,AMF_TMSI:0x0] [../src/amf/gmm-handler.c:196] 02/18 16:15:45.043: [gmm] ERROR: Unknown reg type[0] [../src/amf/gmm/sm.c:1699] 02/18 16:15:45.043: [gmm] INFO: [Unknown ID] SG-5_GUTI[AMF_ID:0x0,AMF_TMSI:0x0] [../src/amf/gmm-handler.c:832] 02/18 16:15:45.043: [gmm] INFO: Serving Gumi[PLMN_ID:0x00900,AMF_ID:0x0000] [../src/amf/gmm-handler.c:435] 02/18 16:15:45.043: [core] ERROR: Ogsipdu:am_context_transfer_reg_data_convertToJSON() failed [reason] [../lib/so 02/18 16:15:45.044: [sbi] FATAL: build_json: Assertion `item != NULL' [../lib/core/ogsi-assert.c:173] 02/18 16:15:45.044: [core] FATAL: backtrace() returned 16 addresses [../lib/core/ogsi-assert.c:37] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b319f7f99) [0x7f2b319f7f99] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b31976742) [0x7f2b31976742] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_64-linux-gnu/libopen5gs.so.2(0x7f2b3196f92a) [0x7f2b3196f92a] /home/fuzz/open5gs_prod/install/lib/x86_

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

Open5GS AMF远程拒绝服务漏洞(CVE待分配)

同源更多文章

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

Open5GS AMF远程拒绝服务漏洞(CVE待分配)

同源更多文章

目标达成感谢每一位支持者 — 我们达成了 100% 目标！