  1. Near Realtime RAN Intelligent Controller
  2. RIC-991

CVE-2023-40997 RMR: Crashes caused by improperly formatted packets


    • Security Bug
    • Resolution: Done
    • Medium
    • I
    • None
    • rmr
    • rmr library version: 4.9.0

      Hello,

      I would like to report an issue related to the incorrect format in the rmr library (ric-plt-lib-rmr).

      When the RMR service receives a packet in an incorrect format, it crashes during the packet parsing process:

      • First, the header is extracted from the received packet. Due to the packet's incorrect format, the header value becomes abnormal.
      • Then, a memory location is calculated, leading to an illegal access in d1, as shown in the attached image.

      This is my initial analysis, and there might be errors. Please kindly forgive any mistakes.

       

      Through xApp, we can send packets of this nature to services that utilize this RMR library, leading to the disruption of the services.

       

      This problem can be found in components that utilize the RMR library.
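
The report describes a length taken from the packet header being used to compute the location of d1. The usual mitigation is to check every sender-supplied length against the number of bytes actually received before forming any offset. The following is an added example, not the RMR library's code and not from the reporter; the 16-byte header layout and the names `demo_locate_d1` and `DEMO_HDR_LEN` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire layout for this example only (not RMR's real header):
 * four big-endian uint32 lengths (header, trace, d1, payload), followed by
 * the trace area, the d1 area and the payload, in that order. */
#define DEMO_HDR_LEN 16u

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Locate d1 inside a received buffer. Returns 0 and sets *d1_off / *d1_len
 * only when every sender-supplied length fits in the nbytes actually
 * received; returns -1 (drop the message) otherwise. */
int demo_locate_d1(const uint8_t *buf, size_t nbytes, size_t *d1_off, size_t *d1_len)
{
    if (!buf || !d1_off || !d1_len || nbytes < DEMO_HDR_LEN)
        return -1;                      /* too short to hold a header */
    uint64_t hl = be32(buf), tl = be32(buf + 4);
    uint64_t dl = be32(buf + 8), pl = be32(buf + 12);
    if (hl != DEMO_HDR_LEN)
        return -1;                      /* header length is fixed in this layout */
    uint64_t off = hl + tl;             /* 64-bit sum of 32-bit values cannot wrap */
    if (off > nbytes || dl > nbytes - off || pl > nbytes - off - dl)
        return -1;                      /* a length points past the received data */
    *d1_off = (size_t)off;
    *d1_len = (size_t)dl;
    return 0;
}

int main(void)
{
    /* Constructed samples: a consistent 44-byte message, then the same
     * message with an abnormal trace length in the header. */
    uint8_t ok[44]  = {0,0,0,16, 0,0,0,8, 0,0,0,4, 0,0,0,16};
    uint8_t bad[44] = {0,0,0,16, 0xFF,0xFF,0xFF,0xF0, 0,0,0,4, 0,0,0,16};
    size_t off = 0, len = 0;
    printf("consistent: %d\n", demo_locate_d1(ok, sizeof ok, &off, &len));
    printf("malformed:  %d\n", demo_locate_d1(bad, sizeof bad, &off, &len));
    return 0;
}
```
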

       
       


            alexandrehuff Alexandre Huff
            penguinic77 Nic Nic