CVE-2023-37029
Published: 21 January 2025
Description
Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.
Security Summary
CVE-2023-37029 is an assertion-based denial-of-service vulnerability affecting Magma versions up to and including 1.8.0, specifically impacting the Mobility Management Entity (MME) component. The flaw triggers a crash when the MME processes an oversized Non-Access Stratum (NAS) packet. It is rated 7.5 under CVSS 3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and mapped to CWE-617 (Reachable Assertion). This issue was fixed in Magma version 1.9 via commit 08472ba98b8321f802e95f5622fa90fec2dea486.
An attacker can exploit this vulnerability over the network with low complexity and no privileges required. Exploitation is possible either through a compromised base station or by using an unauthenticated cellphone within range of a base station managed by the vulnerable MME. By sending oversized NAS packets repeatedly, the attacker can cause ongoing crashes of the MME, resulting in a denial of service that disrupts network connectivity for users relying on the affected infrastructure.
Mitigation requires upgrading to Magma v1.9 or later, which incorporates the fixing commit named above. Additional details on the vulnerability, including technical analysis, are available in the advisory at https://cellularsecurity.org/ransacked.
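The bug class named above (CWE-617) is easiest to see as a before/after pair. The following C sketch is an added example, not Magma's code or the fixing commit: the names `nas_ctx_t`, `nas_store_asserting` and `nas_store_checked` and the 512-byte limit are hypothetical. It contrasts an assertion on an attacker-controlled length with a handler that rejects the packet and counts the drop.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed limit for this sketch; not a value taken from Magma or the advisory. */
#define NAS_BUF_MAX 512

typedef enum { NAS_OK = 0, NAS_ERR_EMPTY = -1, NAS_ERR_OVERSIZED = -2 } nas_rc_t;

typedef struct {
    uint8_t  buf[NAS_BUF_MAX];
    size_t   len;
    unsigned dropped_oversized; /* counter an operator can alert on */
} nas_ctx_t;

/* Before: the length of untrusted data is "validated" with assert().
 * With assertions enabled, an oversized packet aborts the whole process
 * (CWE-617). With NDEBUG the check disappears and memcpy overflows buf. */
void nas_store_asserting(nas_ctx_t *ctx, const uint8_t *pdu, size_t len)
{
    assert(len <= NAS_BUF_MAX);
    memcpy(ctx->buf, pdu, len);
    ctx->len = len;
}

/* After: the length is treated as input, not as an invariant. An oversized
 * packet is dropped and counted; previously stored state is left untouched
 * and the process keeps serving other subscribers. */
nas_rc_t nas_store_checked(nas_ctx_t *ctx, const uint8_t *pdu, size_t len)
{
    if (pdu == NULL || len == 0)
        return NAS_ERR_EMPTY;
    if (len > NAS_BUF_MAX) {
        ctx->dropped_oversized++;
        return NAS_ERR_OVERSIZED;
    }
    memcpy(ctx->buf, pdu, len);
    ctx->len = len;
    return NAS_OK;
}
```

A rising `dropped_oversized` count is the kind of signal that separates a malformed-packet source from ordinary traffic without taking the service down.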
Details
- CWE(s)