Description
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).
Published: 2026-04-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A buffer overflow occurs in OpenAirInterface Version 2.2.0 when the AMF processes an Oversized Authentication Response within a UplinkNASTransport. The oversized PDU is decoded by the AMF and then forwarded to AUSF, where it triggers a crash. The resulting crash prevents users from completing registration and verification, leading to a denial of service for the affected network functions.

Affected Systems

The vulnerability affects the OpenAirInterface CN5G AMF component, specifically version 2.2.0. No other versions are listed as impacted.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity with a substantial impact on availability. The EPSS score below 1% suggests current exploitation attempts are unlikely, and it is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a crafted Authentication Response packet sent from the network or a compromised UE to the AMF; this requires network access to the AMF/AUSF communication path.

Generated by OpenCVE AI on April 14, 2026 at 18:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenAirInterface to the latest available version that resolves the buffer overflow issue.
  • Check for and apply any vendor‑supplied patches or hotfixes for the CN5G AMF component.
  • If an upgrade is not immediately possible, isolate the AMF/AUSF functions from untrusted traffic or implement ingress filtering to reject malformed Authentication Response messages.
  • Monitor system logs for repeated crashes or anomalous authentication attempts that could indicate exploitation attempts.
  • Keep the network functions updated and conduct periodic security reviews following the latest advisories from the OpenAirInterface project.

Generated by OpenCVE AI on April 14, 2026 at 18:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Openairinterface oai-cn5g-amf
CPEs cpe:2.3:a:openairinterface:oai-cn5g-amf:2.2.0:*:*:*:*:*:*:*
Vendors & Products Openairinterface oai-cn5g-amf

Fri, 10 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in OpenAirInterface 2.2.0 Causes AUSF Crash and Denial of Service

Fri, 10 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Openairinterface
Openairinterface oai-cn5g-ausf
Vendors & Products Openairinterface
Openairinterface oai-cn5g-ausf

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in OpenAirInterface 2.2.0 Causes AUSF Crash and Denial of Service
Weaknesses CWE-120

Wed, 08 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
Description OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).
References

Subscriptions

Openairinterface Oai-cn5g-amf Oai-cn5g-ausf
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-09T20:48:57.341Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30075

cve-icon Vulnrichment

Updated: 2026-04-09T20:48:47.401Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T17:21:18.503

Modified: 2026-04-14T15:47:23.860

Link: CVE-2026-30075

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T16:15:11Z

Weaknesses