Headline
CVE-2023-40997: [RIC-991] RMR: Crashes caused by improperly formatted packets
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.
Hello,
I would like to report an issue related to the incorrect format in the rmr library (ric-plt-lib-rmr).
When RMR service receives a packet in an incorrect format, it crash during the packet parsing process
- First, the header is extracted from the received packet. Due to the packet’s incorrect format, the header value becomes abnormal.
- Then, a memory location is calculated, leading to an illegal access in d1, as shown in the attached image.
This is my initial analysis, and there might be errors. Please kindly forgive any mistakes.
Through xApp, we can send packets of this nature to services that utilize this RMR library, leading to the disruption of the services.
This problem can be found in components that utilize the RMR library.