OpenAirInterface CN5G AMF Uninitialized Pointer Dereference Vulnerability in NGAP PDU Session Resource Setup Response Handling

Vulnerability

A vulnerability allowing for a denial-of-service (DoS) condition has been identified in OpenAirInterface CN5G AMF versions through 2.0.0. The issue arises from an uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response function. This vulnerability can be exploited by sending a crafted PDU Session Resource Setup Response over the N2 interface, causing the AMF to crash.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the AMF to crash and disrupt cellular communications managed by the AMF.

Reproduction

To reproduce this vulnerability, send a PDU Session Resource Setup Response message with a crafted payload that exploits the uninitialized pointer dereference. This can be done over the N2 interface, which is used for communication between the RAN and the core network in 5G.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 8.0
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.