When I used open5gs version 2.1.4 on an Ubuntu 20.04 system, I found a problem:
When the UE is in the initial registration period, if the length of the MSIN (part of the SUPI) exceeds the normal length by 24 characters, AMF stack smashing will be caused, resulting in denial of AMF service.
I analyzed the causes of this problem:
When open5gs handles the initialUEMessage process, the requested space size is fixed (OGS_MAX_IMSI_BCD_LEN is 15), and AMF does not verify the length of the SUPI number. This leads to stack overflow.
yblog123 changed the title from "Version2.4.1 :AMF stack smashing" to "Version2.1.4 :AMF stack smashing" on Oct 18, 2021
I've fixed this issue and updated it to the main branch on github.
Thank you so much!
Sukchan
pobk added the Housekeeping:ToClose label (Issues reviewed and closed. Old requests, issues which are not bug, feature or documentation request) on Feb 18, 2023
This issue has been closed automatically due to lack of activity. This has been done to try and reduce the amount of noise. Please do not comment any further. The Open5GS Team may choose to re-open this issue if necessary.
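An added example, not taken from the issue or from Open5GS's code: a bounds-checked decode of a BCD-encoded identity into a fixed buffer of OGS_MAX_IMSI_BCD_LEN digits, showing the kind of length check the report says was missing. The function name, the packed-BCD layout (low nibble first, 0xF filler) and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_IMSI_BCD_LEN 15 /* value the issue gives for OGS_MAX_IMSI_BCD_LEN */

/* Hypothetical helper (not Open5GS code): decode packed BCD digits, low
 * nibble first with 0xF as trailing filler, into a NUL-terminated string.
 * Returns the digit count, or -1 when the digits would not fit in `out`
 * or a nibble is not a decimal digit. `out` is left empty on failure. */
int bcd_to_digits_checked(const uint8_t *in, size_t in_len,
                          char *out, size_t out_size)
{
    size_t n = 0;

    if (in == NULL || out == NULL || out_size == 0)
        return -1;
    for (size_t i = 0; i < in_len; i++) {
        const uint8_t nib[2] = { (uint8_t)(in[i] & 0x0F), (uint8_t)(in[i] >> 4) };
        for (int k = 0; k < 2; k++) {
            if (nib[k] == 0x0F && i == in_len - 1 && k == 1)
                break;                    /* filler in the final nibble */
            if (nib[k] > 9)
                goto fail;                /* not a decimal digit */
            if (n + 1 >= out_size)
                goto fail;                /* no room left for digit + NUL */
            out[n++] = (char)('0' + nib[k]);
        }
    }
    out[n] = '\0';
    return (int)n;
fail:
    out[0] = '\0';
    return -1;
}

int main(void)
{
    char imsi[MAX_IMSI_BCD_LEN + 1];      /* fixed-size destination */
    const uint8_t ok[] = { 0x21, 0x43, 0x65, 0x87, 0xF9 }; /* constructed */
    uint8_t oversized[20];                /* constructed: 40 digits */

    memset(oversized, 0x11, sizeof oversized);
    printf("ok: %d\n", bcd_to_digits_checked(ok, sizeof ok, imsi, sizeof imsi));
    printf("imsi: %s\n", imsi);
    printf("oversized: %d\n",
           bcd_to_digits_checked(oversized, sizeof oversized, imsi, sizeof imsi));
    return 0;
}
```

The over-long input is rejected before any write past the buffer, so the caller can drop the message instead of relying on the stack protector to abort the process.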