CVE-2023-23846
📋 TL;DR
CVE-2023-23846 is a denial-of-service vulnerability in the Open5GS GTP library: specially crafted GTPv1-U messages carrying a zero-length extension header send the header parser into an infinite loop. Any system using a vulnerable version of the library is affected; the receiving process becomes unresponsive and consumes excessive resources.
💻 Affected Systems
- Open5GS GTP library
📦 What is this software?
Open5GS by Open5GS
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for all GTP traffic processing, potentially affecting mobile network services that rely on Open5GS for packet core functionality.
Likely Case
Targeted DoS attacks against Open5GS deployments causing service disruption for affected network functions.
If Mitigated
Limited impact if network segmentation and rate limiting prevent malicious GTP traffic from reaching vulnerable systems.
🎯 Exploit Status
Exploitation requires sending specially crafted GTPv1-U packets but is straightforward once the packet format is understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.13 or 2.5.7
Vendor Advisory: https://github.com/open5gs/open5gs/security/advisories/GHSA-5g5m-6q5q-5q5q
Restart Required: Yes
Instructions:
1. Update Open5GS to version 2.4.13 or 2.5.7.
2. Recompile and reinstall if using source.
3. Restart all Open5GS services.
4. Verify the update with a version check.
🔧 Temporary Workarounds
Network filtering for GTP traffic
Platform: all
Implement network filtering to block or inspect GTP packets with suspicious extension headers before they reach vulnerable systems.
Rate limiting GTP traffic
Platform: linux
Configure rate limiting on GTP interfaces to mitigate DoS impact.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Open5GS systems from untrusted networks
- Deploy intrusion prevention systems with GTP protocol anomaly detection capabilities
🔍 How to Verify
Check if Vulnerable:
Check the Open5GS version: if it is below 2.4.13 (2.4.x branch) or below 2.5.7 (2.5.x branch), the system is vulnerable.
Check Version:
Run open5gs --version, or check the package manager (apt list --installed | grep open5gs, or rpm -qa | grep open5gs).
Verify Fix Applied:
Confirm Open5GS version is 2.4.13 or higher (2.4.x branch) or 2.5.7 or higher (2.5.x branch). Test with simulated GTP traffic containing zero-length extension headers.
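The branch-aware version comparison described above, as an added example (not part of the advisory or of Open5GS): it extracts the x.y.z triple from a version string or a package-manager line and compares it against the fixed versions the advisory gives for the 2.4.x and 2.5.x branches. Versions on any other branch are reported as not covered rather than guessed at. The apt and rpm output lines are constructed samples, not captured from a real host.

```python
import re
from typing import Optional, Tuple

# Fixed versions per maintained branch, as stated in the advisory.
FIXED_BY_BRANCH = {(2, 4): (2, 4, 13), (2, 5): (2, 5, 7)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Pull the first x.y.z triple out of a version string or package-manager line."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: Tuple[int, int, int]) -> Optional[bool]:
    """True/False for the 2.4.x and 2.5.x branches the advisory covers;
    None for any other branch, which must be checked against the vendor advisory."""
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        return None
    return version < fixed  # tuple comparison is lexicographic: (2,5,6) < (2,5,7)


def assess(line: str) -> str:
    """One-line verdict for a version string or a package-manager output line."""
    v = parse_version(line)
    if v is None:
        return "no version found"
    tag = {
        True: "VULNERABLE",
        False: "patched",
        None: "branch not covered, check advisory",
    }[is_vulnerable(v)]
    return f"{'.'.join(map(str, v))}: {tag}"


# Constructed sample lines in the shapes that `apt list --installed` and
# `rpm -qa` print; they are not output from a real host.
SAMPLE_LINES = [
    "open5gs/jammy,now 2.5.6~jammy amd64 [installed]",
    "open5gs-2.4.13-1.el9.x86_64",
    "open5gs-upf/jammy,now 2.6.0~jammy amd64 [installed]",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(assess(line))
```

Pipe the real package-manager output through assess() line by line; any line reported as VULNERABLE needs the 2.4.13 / 2.5.7 update and a service restart.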
📡 Detection & Monitoring
Log Indicators:
- Process hanging or high CPU usage in Open5GS logs
- GTP message processing errors or timeouts
Network Indicators:
- Unusual GTP traffic patterns with malformed extension headers
- Sudden increase in GTP packet volume from single sources
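The zero-length extension header condition from the TL;DR, the "inspect GTP packets with suspicious extension headers" workaround, and the malformed-extension-header network indicator above all come down to the same check, shown here as an added example that is not Open5GS code: a strict GTPv1-U header validator in Python following the 3GPP TS 29.281 layout. It refuses a zero-length extension header instead of looping on it, and also refuses truncated or oversized headers, so it can sit in an inspection path or a detection script. The sample packets are constructed; MAX_EXTENSION_HEADERS is an assumed local sanity cap, not a value from the spec or from Open5GS.

```python
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# GTPv1-U header layout per 3GPP TS 29.281. MAX_EXTENSION_HEADERS is an
# assumed local cap (the spec sets none), added so a chain cannot run unbounded.
MANDATORY_HEADER_LEN = 8
OPTIONAL_FIELDS_LEN = 4
FLAG_PT, FLAG_E, FLAG_S, FLAG_PN = 0x10, 0x04, 0x02, 0x01
NO_MORE_EXTENSION_HEADERS = 0x00
MAX_EXTENSION_HEADERS = 16


class MalformedGtpHeader(ValueError):
    """Raised for any header the validator refuses to process further."""


@dataclass
class GtpV1UHeader:
    message_type: int
    teid: int
    payload_length: int  # the 'Length' field: octets following the first 8
    header_length: int   # total header octets actually consumed
    sequence_number: Optional[int] = None
    extension_headers: List[Tuple[int, bytes]] = field(default_factory=list)


def parse_gtpv1u_header(pkt: bytes) -> GtpV1UHeader:
    """Parse a GTPv1-U header, rejecting the shapes a naive extension-header
    loop would spin on (zero length) or read past (truncation)."""
    if len(pkt) < MANDATORY_HEADER_LEN:
        raise MalformedGtpHeader("shorter than the 8-octet mandatory header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", pkt[:MANDATORY_HEADER_LEN])
    if flags >> 5 != 1:
        raise MalformedGtpHeader(f"unsupported GTP version {flags >> 5}")
    if not flags & FLAG_PT:
        raise MalformedGtpHeader("PT bit clear (GTP', not GTP-U)")
    if MANDATORY_HEADER_LEN + length > len(pkt):
        raise MalformedGtpHeader("Length field exceeds packet size")

    hdr = GtpV1UHeader(message_type=msg_type, teid=teid,
                       payload_length=length, header_length=MANDATORY_HEADER_LEN)
    pos = MANDATORY_HEADER_LEN
    if not flags & (FLAG_E | FLAG_S | FLAG_PN):
        return hdr

    # If any of E/S/PN is set, all four optional octets are present as a unit.
    if len(pkt) < pos + OPTIONAL_FIELDS_LEN:
        raise MalformedGtpHeader("optional fields flagged but truncated")
    seq, _npdu, next_type = struct.unpack("!HBB", pkt[pos:pos + OPTIONAL_FIELDS_LEN])
    pos += OPTIONAL_FIELDS_LEN
    if flags & FLAG_S:
        hdr.sequence_number = seq
    if not flags & FLAG_E:
        next_type = NO_MORE_EXTENSION_HEADERS  # field present but not evaluated when E=0

    # Each extension header: 1 octet length (units of 4 octets, covering the
    # whole extension header), content, 1 octet next-extension-header type.
    while next_type != NO_MORE_EXTENSION_HEADERS:
        if len(hdr.extension_headers) >= MAX_EXTENSION_HEADERS:
            raise MalformedGtpHeader("too many extension headers")
        if pos >= len(pkt):
            raise MalformedGtpHeader("extension header truncated")
        ext_len = pkt[pos] * 4
        if ext_len == 0:
            # The CVE-2023-23846 shape: a zero length never advances the cursor,
            # so a loop without this check re-reads the same octet forever.
            raise MalformedGtpHeader("zero-length extension header")
        if pos + ext_len > len(pkt):
            raise MalformedGtpHeader("extension header exceeds packet")
        hdr.extension_headers.append((next_type, pkt[pos + 1:pos + ext_len - 1]))
        next_type = pkt[pos + ext_len - 1]
        pos += ext_len

    hdr.header_length = pos
    return hdr


def classify_gtpv1u(pkt: bytes) -> str:
    """Detection-friendly wrapper: 'ok' or the reason the header was rejected."""
    try:
        parse_gtpv1u_header(pkt)
        return "ok"
    except MalformedGtpHeader as exc:
        return f"malformed: {exc}"


def build_sample(ext_len_units: int) -> bytes:
    """Constructed G-PDU sample (not a capture): E flag set, one UDP Port
    extension header (type 0x40) and an 8-octet dummy payload. ext_len_units=1
    is the valid encoding; 0 reproduces the zero-length condition."""
    optional = bytes([0x00, 0x01, 0x00, 0x40])      # seq=1, N-PDU=0, next=0x40
    ext = bytes([ext_len_units, 0x1F, 0x90, 0x00])   # len, port 8080, next=none
    payload = b"PAYLOAD!"
    length = len(optional) + len(ext) + len(payload)  # 16
    return (bytes([0x34, 0xFF]) + struct.pack("!HI", length, 0x12345678)
            + optional + ext + payload)


if __name__ == "__main__":
    print(classify_gtpv1u(build_sample(1)))  # ok
    print(classify_gtpv1u(build_sample(0)))  # malformed: zero-length extension header
```

Feed classify_gtpv1u() the UDP payload of each packet on the GTP-U port and count the "malformed:" verdicts per source address; a burst of zero-length extension header rejections from one peer is the network indicator listed above and a candidate for filtering or rate limiting.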
SIEM Query:
source="open5gs" AND ("high cpu" OR "unresponsive" OR "timeout" OR "infinite loop")