Primary

Context

OpenAirInterface CN5G AMF Null Dereference Vulnerability in NGAP Message Handling Allowing Denial-of-Service

Vulnerability

A null dereference vulnerability has been identified in OpenAirInterface CN5G AMF versions through 2.0.0. The issue arises in the application's handling of unsupported NGAP protocol messages. When an unsupported procedure code and presence field tuple is received, the application incorrectly indexes into a null function pointer, leading to a dereference. This vulnerability allows an attacker with network-adjacent access to the AMF to cause a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by crashing the Access and Mobility Management Function (AMF) component of the cellular network.

Reproduction

To reproduce this vulnerability, send a crafted NGAP message to the AMF that includes an unsupported procedure code and presence field. The message should be transmitted over the N2 interface, which is accessible to remote attackers.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

5.9

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

5.9

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenAirInterface CN5G AMF Null Dereference Vulnerability in NGAP Message Handling Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

Open5GS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating