{"id":"CVE-2023-23846","details":"Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption. CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C","modified":"2026-07-08T08:12:42.671310007Z","published":"2023-02-01T00:00:00Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"2.4.12"},{"last_affected":"2.5.6"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"SNPS","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/23xxx/CVE-2023-23846.json","cwe_ids":["CWE-770"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/23xxx/CVE-2023-23846.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23846"},{"type":"ADVISORY","url":"https://www.synopsys.com/blogs/software-security/cyrc-advisory-open5gs-gtp-library/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open5gs/open5gs","events":[{"introduced":"3531166d38510e65b2c98a8cf2a409bff9c04dfe"},{"last_affected":"3531166d38510e65b2c98a8cf2a409bff9c04dfe"}],"database_specific":{"extracted_events":[{"introduced":"2.5.6"},{"last_affected":"2.5.6"}],"source":"CPE_STRING","cpe":"cpe:2.3:a:open5gs:open5gs:2.5.6:*:*:*:*:*:*:*"}}],"versions":["2.5.6","v2.5.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23846.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}