
CVE-2022-43222: n/a in n/a

Severity: High
Type: Vulnerability
Published: Tue Nov 01 2022 (11/01/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.

AI-Powered Analysis

Last updated: 07/03/2025, 06:40:31 UTC

Technical Analysis

CVE-2022-43222 is a high-severity vulnerability in open5gs version 2.4.11, located in the source file src/smf/pfcp-path.c. It is a memory leak (classified under CWE-401): the code fails to release allocated memory after processing certain inputs. In this case, crafted PFCP (Packet Forwarding Control Protocol) packets can trigger the leak. PFCP is the protocol used in 5G core networks for control plane communication between the Session Management Function (SMF) and the User Plane Function (UPF).

Exploiting this vulnerability allows an unauthenticated remote attacker to cause a Denial of Service (DoS) by exhausting system memory, leading to degraded performance or a crash of the affected network function. The CVSS v3.1 base score is 7.5, reflecting a high impact on availability with no impact on confidentiality or integrity. The attack vector is network-based (AV:N), requires no privileges (PR:N), and requires no user interaction (UI:N), making it relatively easy to exploit remotely. No known exploits are reported in the wild as of the publication date.

The vulnerability affects open5gs, an open-source implementation of the 5G core network, which is increasingly adopted by telecom operators and enterprises for 5G deployments. The absence of vendor or product-specific details suggests the issue is intrinsic to the open5gs project itself. Given the critical role of the SMF in managing session contexts and of PFCP in controlling user plane functions, this vulnerability poses a risk to the stability and availability of 5G core network services relying on open5gs.

Potential Impact

For European organizations, especially telecom operators and service providers deploying open5gs as part of their 5G core infrastructure, this vulnerability can lead to significant service disruptions. A successful attack could cause memory exhaustion in SMF components, resulting in denial of service conditions that degrade or interrupt 5G network connectivity for end users. This impacts not only consumer mobile services but also critical enterprise and industrial applications relying on 5G connectivity, such as IoT deployments, smart city infrastructure, and emergency services. The disruption could lead to financial losses, reputational damage, and regulatory scrutiny under frameworks like GDPR and the NIS Directive due to service unavailability. Additionally, the ease of exploitation without authentication increases the risk of opportunistic attacks from external threat actors. While no known exploits currently exist, the public disclosure and high CVSS score necessitate proactive mitigation to prevent future exploitation attempts.

Mitigation Recommendations

To mitigate this vulnerability, European organizations using open5gs should immediately assess their deployments for version 2.4.11 or earlier and plan for an upgrade to a patched version once available. In the absence of an official patch, organizations can implement network-level protections such as filtering and rate-limiting PFCP traffic from untrusted sources to reduce exposure. Deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting anomalous PFCP packets can help detect and block exploit attempts. Monitoring memory usage and system logs of SMF components for unusual patterns can provide early warning signs of exploitation. Network segmentation to isolate core network functions and applying strict access controls to management interfaces will limit attack surfaces. Engaging with the open5gs community or vendors for timely updates and applying security hardening best practices for 5G core components are also recommended. Finally, conducting regular security assessments and penetration tests focusing on 5G core protocols can help identify and remediate similar vulnerabilities proactively.
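
The memory-monitoring recommendation above, sketched as an added example (not part of the original advisory and not open5gs code): a trend check over resident-set-size samples of the SMF process that separates sustained growth, as a leak produces, from a one-off spike. The sample series, thresholds, and function names are assumptions constructed for illustration.

```python
"""Leak-trend check for a long-running network function such as the open5gs SMF.

Input: (unix_seconds, rss_kib) samples, e.g. VmRSS read periodically from
/proc/<pid>/status. All sample data below is constructed for illustration.
"""
import re

def parse_vmrss_kib(status_text):
    """Extract VmRSS (KiB) from the text of /proc/<pid>/status; None if absent."""
    m = re.search(r"^VmRSS:\s+(\d+)\s+kB$", status_text, re.MULTILINE)
    return int(m.group(1)) if m else None

def growth_trend(samples):
    """Least-squares fit of RSS over time: returns (KiB per hour, R^2)."""
    n = len(samples)
    if n < 3:
        raise ValueError("need at least 3 samples")
    mt = sum(t for t, _ in samples) / n
    mr = sum(r for _, r in samples) / n
    sxx = sum((t - mt) ** 2 for t, _ in samples)
    sxy = sum((t - mt) * (r - mr) for t, r in samples)
    syy = sum((r - mr) ** 2 for _, r in samples)
    if sxx == 0:
        raise ValueError("samples must span more than one timestamp")
    slope = sxy / sxx                       # KiB per second
    r2 = 0.0 if syy == 0 else (sxy * sxy) / (sxx * syy)  # flat series: no trend
    return slope * 3600.0, r2

def looks_like_leak(samples, min_kib_per_hour=1024.0, min_r2=0.9):
    """Flag sustained, near-linear growth; a one-off spike has low R^2."""
    rate, r2 = growth_trend(samples)
    return rate >= min_kib_per_hour and r2 >= min_r2

# Constructed series, one sample every 5 minutes for an hour.
LEAKING = [(i * 300, 50_000 + i * 400) for i in range(13)]   # +400 KiB per sample
SPIKE = [(i * 300, 50_000 + (6_000 if i == 6 else 0)) for i in range(13)]
# Constructed excerpt in the format of /proc/<pid>/status.
STATUS_SAMPLE = "Name:\topen5gs-smfd\nVmPeak:\t  91234 kB\nVmRSS:\t   54800 kB\n"

if __name__ == "__main__":
    print("VmRSS KiB:", parse_vmrss_kib(STATUS_SAMPLE))
    print("leaking series:", growth_trend(LEAKING), looks_like_leak(LEAKING))
    print("spike series:", growth_trend(SPIKE), looks_like_leak(SPIKE))
```

The thresholds need tuning against a baseline of the SMF under normal session load, since legitimate session growth also raises RSS.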


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-10-17T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9837c4522896dcbeb807

Added to database: 5/21/2025, 9:09:11 AM

Last enriched: 7/3/2025, 6:40:31 AM

Last updated: 8/15/2025, 12:42:05 PM
