VYPR

Oai Cn5g Amf

by Openairinterface

CVEs (14)

  • CVE-2026-30079CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.01

    In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is…

  • CVE-2026-30080HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade…

  • CVE-2026-30075HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for…

  • CVE-2026-30078HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.

  • CVE-2024-24451HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.01

    A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

  • CVE-2024-24444HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

  • CVE-2024-24442HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.00

    A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message.

  • CVE-2024-24443MedJan 21, 2025
    risk 0.42cvss 6.5epss 0.00

    An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.

  • CVE-2024-24446MedNov 15, 2024
    risk 0.42cvss 6.5epss 0.00

    An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF.

  • CVE-2024-24449MedNov 15, 2024
    risk 0.42cvss 6.5epss 0.00

    An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.

  • CVE-2024-24450MedNov 15, 2024
    risk 0.35cvss 5.3epss 0.01

    Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending…

  • CVE-2024-24447MedNov 15, 2024
    risk 0.34cvss 5.3epss 0.01

    A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list.

  • CVE-2025-66786Jan 7, 2026
    risk 0.00cvss epss 0.00

    OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.

  • CVE-2025-65805Jan 7, 2026
    risk 0.00cvss epss 0.00

    OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF.