VYPR

Openairinterface

by Openairinterface

CVEs (10)

  • CVE-2026-37232 | High | Jun 1, 2026
    risk 0.56 | cvss 8.6 | epss 0.00

    An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in openair2/E2AP/RAN_FUNCTION/O-RAN/ran_func_kpm_subs.c (lines 182 and 197) compute PRB…

  • CVE-2026-30080 | High | Apr 8, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. The configuration supports integrity algorithms NIA1 and NIA2, but if a UE sends an initial registration request with only security capability IA0, OpenAirInterface accepts it and proceeds. This downgrade…

  • CVE-2026-30075 | High | Apr 8, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    OpenAirInterface Version 2.2.0 has a buffer overflow vulnerability in processing an UplinkNASTransport message that carries an Authentication Response whose NAS PDU contains an oversized response (for example, 100 bytes). The response is decoded by AMF and passed to the AUSF component for…

  • CVE-2026-30077 | High | Mar 30, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash, but the crash is consistent for particular inputs. An example input, as a hex stream, is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88.

  • CVE-2024-24442 | High | Jan 21, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message.

  • CVE-2024-24443 | Medium | Jan 21, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.

  • CVE-2024-24445 | Medium | Jan 21, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is…

  • CVE-2024-24449 | Medium | Nov 15, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.

  • CVE-2024-24450 | Medium | Nov 15, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending…

  • CVE-2025-26265 | Mar 27, 2025
    risk 0.00 | cvss | epss 0.00

    A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response.