Primary

Context

OpenAirInterface AMF Message Decoding Failure Leading to Crash Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in OpenAirInterface AMF version 2.2.0. The issue arises when the AMF fails to decode certain NGAP messages, leading to a crash. While not all decoding errors cause a crash, specific inputs consistently trigger this failure. The vulnerability was discovered in a Docker deployment on Ubuntu 22.04 Server.

Impact

Exploitation of this vulnerability causes the AMF process to crash, disrupting service and potentially leading to a denial-of-service condition.

Reproduction

To reproduce this vulnerability, launch the OpenAirInterface AMF version 2.2.0 in a Docker container on Ubuntu 22.04 Server. Send an NGAP message that includes the hexadecimal input known to cause the crash. The AMF will fail to decode the message and crash, as indicated by an error message in the logs.

Remediation

Users can update to OpenAirInterface AMF version 2.2.1, which includes a fix for this vulnerability.

Added: Mar 30, 2026, 6:48 PM

Updated: Mar 30, 2026, 6:48 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

4.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.2

remediation

0.0

relevance

4.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenAirInterface AMF Message Decoding Failure Leading to Crash Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating