CVE-2024-40129

9.8 CRITICAL

📋 TL;DR

CVE-2024-40129 is a critical buffer overflow vulnerability in Open5GS v2.6.4's PFCP context handling that allows remote attackers to execute arbitrary code or cause denial of service. This affects all systems running vulnerable Open5GS deployments, particularly telecommunications infrastructure using 5G core networks.

💻 Affected Systems

Products:
  • Open5GS
Versions: v2.6.4 and possibly earlier versions
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using the vulnerable PFCP context handling are affected regardless of configuration


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network
🟠 Likely Case: Denial of service affecting 5G network functionality and potential information disclosure
🟢 If Mitigated: Limited impact with proper network segmentation and exploit mitigations in place

🌐 Internet-Facing: HIGH - PFCP protocol may be exposed to untrusted networks in some deployments
🏢 Internal Only: HIGH - Even internal attackers could exploit this to compromise the 5G core

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow in PFCP handling suggests straightforward exploitation for skilled attackers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 2fbc445d32aa7749166396a9c055a199f90a1b01

Vendor Advisory: https://github.com/open5gs/open5gs/commit/2fbc445d32aa7749166396a9c055a199f90a1b01

Restart Required: Yes

Instructions:

1. Update Open5GS to the latest version, or apply commit 2fbc445d32aa7749166396a9c055a199f90a1b01 to your source tree
2. Recompile Open5GS from source
3. Restart all Open5GS services so the rebuilt binaries are the ones running
4. Verify the fix is applied (see How to Verify below)

🔧 Temporary Workarounds

Network Segmentation

Restrict PFCP traffic (UDP port 8805, the N4 interface between SMF and UPF) to trusted sources only using firewall rules. Replace trusted_ip_range with the addresses of your PFCP peers; because -A appends, make sure no earlier rule already accepts this traffic:

iptables -A INPUT -p udp --dport 8805 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Open5GS from untrusted networks
  • Deploy exploit mitigation technologies like ASLR, DEP, and stack canaries

🔍 How to Verify

Check if Vulnerable:

Check the Open5GS version in use and whether commit 2fbc445d32aa7749166396a9c055a199f90a1b01 is included in the build you are running

Check Version:

# Run in the source checkout the daemons were built from; exit status 0 means the fix commit is an ancestor of the built revision
git merge-base --is-ancestor 2fbc445d32aa7749166396a9c055a199f90a1b01 HEAD && echo "fix commit present"

Verify Fix Applied:

Confirm the patched build is the one actually running (all daemons restarted after the rebuild) and test PFCP functionality, e.g. SMF/UPF association and session establishment

📡 Detection & Monitoring

Log Indicators:

  • Abnormal PFCP message sizes
  • Segmentation faults in Open5GS logs
  • Unexpected process termination

Network Indicators:

  • Unusually large PFCP packets
  • Malformed PFCP protocol messages

SIEM Query:

source="open5gs.log" AND ("segmentation fault" OR "buffer overflow" OR "SIGSEGV")
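To make the size and malformation indicators above concrete, here is an added example (not from this advisory or the Open5GS project) that validates the PFCP header of captured UDP/8805 payloads against the 3GPP TS 29.244 layout and scans Open5GS/systemd log lines for crash signatures. The sample datagrams and log lines are constructed, and MAX_SANE_LEN is an assumed threshold to tune per deployment.

```python
import re
import struct

PFCP_PORT = 8805        # UDP port for PFCP (N4 between SMF and UPF), 3GPP TS 29.244
PFCP_VERSION = 1
MAX_SANE_LEN = 4096     # assumed tuning threshold; declared lengths above it are flagged

def check_pfcp(payload: bytes) -> list:
    """Validate one UDP payload's PFCP header; returns a list of findings (empty = well-formed)."""
    findings = []
    if len(payload) < 4:
        return ["truncated: fewer than 4 header octets"]
    flags, msg_type, declared_len = struct.unpack("!BBH", payload[:4])
    version, has_seid = flags >> 5, flags & 0x01
    if version != PFCP_VERSION:
        findings.append(f"unexpected PFCP version {version}")
    actual_len = len(payload) - 4      # the length field excludes the first 4 octets
    if declared_len != actual_len:
        findings.append(f"length mismatch: header says {declared_len}, datagram carries {actual_len}")
    if declared_len > MAX_SANE_LEN:
        findings.append(f"abnormally large message ({declared_len} octets)")
    min_len = 12 if has_seid else 4     # SEID(8)+seq(3)+spare(1), or seq(3)+spare(1)
    if actual_len < min_len:
        findings.append(f"type {msg_type}: body too short for header flags")
    return findings

# Log signatures from the indicators above plus the kernel/systemd spellings of a crash.
CRASH_RE = re.compile(r"segmentation fault|segfault|SIGSEGV|SEGV|buffer overflow", re.I)

def scan_logs(lines):
    """Return the log lines that carry a crash signature."""
    return [line for line in lines if CRASH_RE.search(line)]

# Constructed samples (not captured traffic): a valid Heartbeat Request (type 1) carrying
# a Recovery Time Stamp IE (type 96), the same message with a bogus length field, and an
# S=1 header that claims a SEID but carries no room for one.
SAMPLE_OK = bytes.fromhex("2001000c" "00000100" "00600004" "e8d3a5b0")
SAMPLE_BAD_LEN = bytes.fromhex("2001ffff" "00000100" "00600004" "e8d3a5b0")
SAMPLE_SHORT_SEID = bytes.fromhex("21010004" "00000100")
SAMPLE_LOGS = [  # constructed log lines
    "03/21 10:02:11.004: [upf] INFO: PFCP associated (constructed)",
    "kernel: open5gs-upfd[4242]: segfault at 0 ip ... (constructed)",
    "systemd[1]: open5gs-upfd.service: Main process exited, code=killed, status=11/SEGV",
]

if __name__ == "__main__":
    for name, pkt in [("ok", SAMPLE_OK), ("bad_len", SAMPLE_BAD_LEN), ("short_seid", SAMPLE_SHORT_SEID)]:
        print(name, check_pfcp(pkt) or "well-formed")
    print(scan_logs(SAMPLE_LOGS))
```

Feed check_pfcp the UDP payloads of port-8805 traffic from a capture and alert on any non-empty result; the length-mismatch and oversize findings correspond to the "abnormal PFCP message sizes" indicator above.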
