CVE-2023-37032

7.5 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in Magma's Mobility Management Entity (MME) allows remote attackers to crash the service by sending specially crafted NAS packets with oversized Emergency Number List elements. This affects Magma versions 1.8.0 and earlier, potentially disrupting cellular network services for affected deployments.

💻 Affected Systems

Products:
  • Magma Core
Versions: <= 1.8.0
Operating Systems: Linux-based systems running Magma
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable Magma versions with MME component enabled are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for cellular network subscribers in affected areas, potentially leading to service disruption and emergency call failures.

🟠 Likely Case

MME service crash requiring restart, causing temporary service interruption for mobile users.

🟢 If Mitigated

Service remains stable with proper network segmentation and monitoring in place.

🌐 Internet-Facing: MEDIUM - Attack requires sending packets to MME interface, but cellular infrastructure is typically not directly internet-exposed.
🏢 Internal Only: HIGH - Attackers with access to the cellular network or adjacent systems could exploit this without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malformed NAS packets to the MME interface, which typically requires network access to the cellular core.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9 (commit 08472ba98b8321f802e95f5622fa90fec2dea486)

Vendor Advisory: https://cellularsecurity.org/ransacked

Restart Required: Yes

Instructions:

1. Update Magma to version 1.9 or later.
2. Apply commit 08472ba98b8321f802e95f5622fa90fec2dea486 if using custom build.
3. Restart MME service.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to MME interfaces to trusted network segments only

Rate Limiting

all

Implement rate limiting on NAS packet processing to limit impact

🧯 If You Can't Patch

  • Implement strict network access controls to MME interfaces
  • Deploy intrusion detection systems to monitor for malformed NAS packets

🔍 How to Verify

Check if Vulnerable:

Check Magma version: if <= 1.8.0, system is vulnerable

Check Version:

magma version

Verify Fix Applied:

Verify that the version is >= 1.9 or that the build contains commit 08472ba98b8321f802e95f5622fa90fec2dea486

📡 Detection & Monitoring

Log Indicators:

  • MME service crashes
  • Segmentation fault errors in MME logs
  • Abnormal NAS packet processing errors

Network Indicators:

  • Unusually large NAS packets
  • Multiple connection attempts with malformed Emergency Number List elements

SIEM Query:

source="magma_mme.log" AND ("segmentation fault" OR "buffer overflow" OR "emergency number list")
