CVE-2023-37032: 
NixOS vulnerability analysis and mitigation

A Stack-based buffer overflow vulnerability exists in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486). The vulnerability allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an oversized 'Emergency Number List' Information Element (NVD, Cellular Security).

The vulnerability occurs in the decode_emergency_number_list_ie function where a fixed-size buffer is used without proper length validation when handling emergency numbers listed in the Emergency Number List field of received NAS packets. The MME uses a static buffer defined by EMERGENCY_NUMBER_MAX_DIGITS but fails to validate that the incoming length (e->lengthofemergencynumberinformation) does not exceed this size before copying data. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (NVD).

When exploited, this vulnerability allows an attacker to cause a buffer overflow by sending a NAS packet with an oversized Emergency Number List, resulting in a crash of the MME component. This can lead to a denial of service affecting cellular communications at a city-wide level, disrupting both regular and emergency cellular services (Cellular Security).

The vulnerability has been fixed in Magma version 1.9 with commit 08472ba98b8321f802e95f5622fa90fec2dea486. Organizations running affected versions should upgrade to the patched version immediately (NVD).