CVE-2024-57519 – A denial-of-service vulnerability in Open5GS v2... (How to Fix)

📋 TL;DR

A denial-of-service vulnerability in Open5GS v2.7.2 allows remote attackers to crash the service via the ogs_dbi_auth_info function. This affects all systems running vulnerable versions of Open5GS, particularly those exposed to untrusted networks. The vulnerability stems from improper resource handling in the subscription database interface.

💻 Affected Systems

Products:

Open5GS

Versions: v2.7.2 and possibly earlier versions

Operating Systems: Linux, BSD systems where Open5GS runs

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments using the vulnerable subscription.c component are affected regardless of configuration.

📦 What is this software?

Open5gs by Open5gs

View all CVEs affecting Open5gs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of Open5GS components, affecting mobile network core functionality and causing widespread service unavailability.

🟠

Likely Case

Targeted DoS attacks causing intermittent service outages and degraded performance for affected mobile network services.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, potentially causing only temporary service interruptions.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this without authentication if Open5GS components are internet-facing.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this to disrupt services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

The vulnerability requires crafting specific requests to trigger the resource exhaustion condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 08b9e7c55f72649ef25b5407e7e4d938f0f16531 and later versions

Vendor Advisory: https://github.com/open5gs/open5gs/issues/3635

Restart Required: Yes

Instructions:

1. Update Open5GS to latest version or apply commit 08b9e7c55f72649ef25b5407e7e4d938f0f16531
2. Rebuild Open5GS from source
3. Restart all Open5GS services
4. Verify the fix is applied

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to Open5GS components to trusted networks only

iptables -A INPUT -p tcp --dport [Open5GS ports] -s [trusted networks] -j ACCEPT
iptables -A INPUT -p tcp --dport [Open5GS ports] -j DROP

🧯 If You Can't Patch

Implement strict network access controls to limit exposure to trusted sources only
Deploy rate limiting and monitoring for abnormal request patterns to Open5GS services

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs --version and verify if it's v2.7.2 or earlier

Check Version:

open5gs --version

Verify Fix Applied:

Verify the commit hash includes 08b9e7c55f72649ef25b5407e7e4d938f0f16531 or later, and test with crafted requests that previously caused crashes

📡 Detection & Monitoring

Log Indicators:

Repeated crashes or restarts of Open5GS processes
Error messages related to ogs_dbi_auth_info or subscription.c
Abnormal memory usage patterns

Network Indicators:

Unusual traffic patterns to Open5GS subscription endpoints
High volume of malformed requests to vulnerable ports

SIEM Query:

source="open5gs.log" AND ("ogs_dbi_auth_info" OR "subscription.c" OR "segmentation fault")

📊 Metadata

CVE ID: CVE-2024-57519

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

EPSS Score: 0.6% exploit probability (69th percentile)

Published: January 28, 2025

Last Updated: April 30, 2025

🔗 References

https://github.com/f4rs1ght/vuln-research/tree/main/CVE-2024-57519 Exploit,Third Party Advisory
https://github.com/open5gs/open5gs/commit/08b9e7c55f72649ef25b5407e7e4d938f0f16531 Patch,Vendor Advisory
https://github.com/open5gs/open5gs/issues/3635 Exploit,Issue Tracking,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-57519, you might also want to check these: