Description
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.
In Open5GS bis 2.7.3 wurde eine problematische Schwachstelle entdeckt. Es geht um die Funktion ngap_recv_handler/s1ap_recv_handler/recv_handler der Komponente SCTP Partial Message Handler. Mittels Manipulieren mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Patch wird als cfa44575020f3fb045fd971358442053c8684d3d bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.
Problem types
Timeline
| 2025-07-11: | Advisory disclosed |
| 2025-07-11: | VulDB entry created |
| 2025-07-11: | VulDB entry last update |
Credits
SQ0409 (VulDB User)
References
github.com/open5gs/open5gs/issues/3878/
github.com/open5gs/open5gs/issues/3878
vuldb.com/?id.316135 (VDB-316135 | Open5GS SCTP Partial Message recv_handler assertion)
vuldb.com/?ctiid.316135 (VDB-316135 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.610601 (Submit #610601 | Open5GS <=2.7.3 Reachable Assertion)
github.com/open5gs/open5gs/issues/3878/
github.com/open5gs/open5gs/issues/3878
github.com/...ommit/cfa44575020f3fb045fd971358442053c8684d3d