CVE-2023-37008

5.3 MEDIUM

📋 TL;DR

CVE-2023-37008 is a buffer overflow vulnerability in the ASN.1 deserialization function of the Open5GS MME that can cause type confusion during S1AP message processing. It allows an attacker to crash the MME service or, under certain conditions, potentially execute arbitrary code. Affected systems are those running Open5GS MME version 2.6.4 or earlier.

💻 Affected Systems

Products:
  • Open5GS MME
Versions: <= 2.6.4
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable versions are affected as this is in core S1AP message handling.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete compromise of the MME, potentially allowing an attacker to intercept or modify cellular network traffic or pivot to other network elements.

🟠 Likely Case: Denial of service through an MME crash, disrupting cellular network connectivity for affected users.

🟢 If Mitigated: Service disruption limited to an MME restart if proper segmentation and monitoring are in place.

🌐 Internet-Facing: MEDIUM - MME typically sits behind multiple network layers but could be exposed in some deployments.
🏢 Internal Only: HIGH - Within cellular core network, this is a critical component that processes untrusted S1AP messages from eNodeBs.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted S1AP messages to the MME, which requires network access to the S1 interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.5

Vendor Advisory: https://github.com/open5gs/open5gs/security/advisories/GHSA-xxxx-xxxx-xxxx

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Stop the Open5GS MME service.
3. Update to Open5GS version 2.6.5 or later.
4. Restart the MME service.
5. Verify that the service is running correctly.

🔧 Temporary Workarounds

Network segmentation (Linux)

Restrict S1 interface access to trusted eNodeBs only using firewall rules. Replace trusted_eNodeB_ip with an authorized eNodeB address (repeat the ACCEPT rule for each one) ahead of the final DROP rule on the S1AP SCTP port:

iptables -A INPUT -p sctp --dport 36412 -s trusted_eNodeB_ip -j ACCEPT
iptables -A INPUT -p sctp --dport 36412 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to limit S1 interface access to authorized eNodeBs only.
  • Deploy intrusion detection systems monitoring for anomalous S1AP message patterns and implement automated MME restart on crash detection.

🔍 How to Verify

Check if Vulnerable:

Check the Open5GS version with open5gs-mmed --version. If it reports 2.6.4 or earlier, the system is vulnerable.

Check Version:

open5gs-mmed --version

Verify Fix Applied:

After patching, confirm that the reported version is 2.6.5 or later and test S1AP message processing with normal eNodeB connections.
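As an added example (not from the advisory or the Open5GS project), the following POSIX shell script turns the version check above into a vulnerable/patched decision. It assumes the --version output contains a dotted X.Y.Z version string somewhere and takes 2.6.5 as the first fixed release, as stated above.

```shell
#!/bin/sh
# Added example: classify an Open5GS MME as affected or not by CVE-2023-37008
# from the text printed by `open5gs-mmed --version`.
# Assumptions (not stated by the advisory): the output contains a dotted
# X.Y.Z version somewhere; 2.6.5 is the first fixed release (as given above).

FIXED_VERSION="2.6.5"

# Pull the first X.Y.Z token out of arbitrary --version output.
extract_version() {
  printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_lt A B: succeeds when A < B. Each dotted component is compared as a
# number, so 2.6.10 sorts after 2.6.9 (a plain string compare gets that wrong).
version_lt() {
  a=$1
  b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ca=${a%%.*}
    cb=${b%%.*}
    case $a in *.*) a=${a#*.} ;; *) a='' ;; esac
    case $b in *.*) b=${b#*.} ;; *) b='' ;; esac
    if [ "${ca:-0}" -lt "${cb:-0}" ]; then return 0; fi
    if [ "${ca:-0}" -gt "${cb:-0}" ]; then return 1; fi
  done
  return 1
}

# assess OUTPUT: prints "vulnerable", "patched" or "unknown" for one
# --version output string.
assess() {
  v=$(extract_version "$1")
  if [ -z "$v" ]; then
    echo unknown
  elif version_lt "$v" "$FIXED_VERSION"; then
    echo vulnerable
  else
    echo patched
  fi
}

# Constructed sample output (not captured from a real system) for a dry run:
assess "Open5GS daemon v2.6.4"   # vulnerable

# Stand-alone use against the installed binary, if there is one.
if command -v open5gs-mmed >/dev/null 2>&1; then
  assess "$(open5gs-mmed --version 2>&1)"
fi
```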

📡 Detection & Monitoring

Log Indicators:

  • MME crash logs
  • ASN.1 parsing errors in Open5GS logs
  • Unexpected memory allocation failures

Network Indicators:

  • Malformed S1AP messages
  • Unusual SCTP packet patterns to port 36412

SIEM Query:

source="open5gs.log" AND ("segmentation fault" OR "buffer overflow" OR "ASN.1 error")
