Primary

Context

OpenAirInterface CN5G AMF NULL Pointer Dereference Vulnerability in NGAP Message Handling

Vulnerability

A NULL pointer dereference vulnerability has been identified in the OpenAirInterface CN5G Access and Mobility Management Function (AMF) versions through 2.0.0. The issue arises in the ngap_app::handle_receive function, where the application fails to properly handle unsupported NGAP protocol messages. This flaw allows attackers to send crafted NGAP messages that cause a denial-of-service condition by crashing the AMF.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the AMF to crash and disrupt cellular communications managed by the AMF.

Reproduction

To reproduce this vulnerability, send a crafted NGAP message that includes an unsupported procedure code or presence field. The AMF will crash, causing a denial-of-service condition on the network.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

8.0

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

8.0

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenAirInterface CN5G AMF NULL Pointer Dereference Vulnerability in NGAP Message Handling

Vulnerability

Impact

Reproduction

Affected Products

Open5GS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating