HIGH🇬🇧 English

CVE-2026-30078

CVSS 7.5v3.1pub. 2026-04-06upd. 2026-04-10

OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Openairinterface Oai Cn5g Amf

    APP
    Openairinterface
    2.2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-30079CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelniania w OpenAirInterface AMF (OAI-CN5G) przez błąd stanów rejestracji UE

CVE-2026-30075HIGH7.5ten sam produkt

OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing...

CVE-2026-30080HIGH7.5ten sam produkt

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has sup...

CVE-2025-65805HIGH7.5ten sam produkt

OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized...

CVE-2025-66786HIGH7.5ten sam produkt

OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized ...