VYPR
Vendor

Openairinterface

Products
9
CVEs
20
Across products
34
Status
Private

Products

9

Recent CVEs

20
  • CVE-2026-30079CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.01

    In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is…

  • CVE-2026-37232HigJun 1, 2026
    risk 0.56cvss 8.6epss 0.00

    An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in openair2/E2AP/RAN_FUNCTION/O-RAN/ran_func_kpm_subs.c (lines 182 and 197) compute PRB…

  • CVE-2026-30080HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade…

  • CVE-2026-30075HigApr 8, 2026
    risk 0.49cvss 7.5epss 0.00

    OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for…

  • CVE-2026-30078HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.

  • CVE-2026-30077HigMar 30, 2026
    risk 0.49cvss 7.5epss 0.00

    OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88.

  • CVE-2024-24451HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.01

    A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

  • CVE-2024-24444HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

  • CVE-2024-24442HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.00

    A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message.

  • CVE-2024-24426HigNov 15, 2024
    risk 0.49cvss 7.5epss 0.00

    Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.

  • CVE-2024-24443MedJan 21, 2025
    risk 0.42cvss 6.5epss 0.00

    An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.

  • CVE-2024-24445MedJan 21, 2025
    risk 0.42cvss 6.5epss 0.00

    OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is…

  • CVE-2024-24446MedNov 15, 2024
    risk 0.42cvss 6.5epss 0.00

    An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF.

  • CVE-2024-24425MedNov 15, 2024
    risk 0.42cvss 6.5epss 0.00

    Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

  • CVE-2024-24449MedNov 15, 2024
    risk 0.42cvss 6.5epss 0.00

    An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.

  • CVE-2024-24450MedNov 15, 2024
    risk 0.35cvss 5.3epss 0.01

    Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending…

  • CVE-2024-24447MedNov 15, 2024
    risk 0.34cvss 5.3epss 0.01

    A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list.

  • CVE-2025-66786Jan 7, 2026
    risk 0.00cvss epss 0.00

    OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.

  • CVE-2025-65805Jan 7, 2026
    risk 0.00cvss epss 0.00

    OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF.

  • CVE-2025-26265Mar 27, 2025
    risk 0.00cvss epss 0.00

    A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response.