OpenAirInterface AMF Invalid NGAP Message Handling Causes Crash Vulnerability
Vulnerability
A vulnerability in OpenAirInterface AMF version 2.2.0 leads to a crash when the application receives an NGAP message with an invalid procedure code or PDU type. For instance, a message that must be carried as an 'InitiatingMessage' but is sent as a 'successfulOutcome' will trigger this issue. The crash occurs because the application attempts to free a memory address that was never allocated, which points to a memory management error.
Impact
Exploitation of this vulnerability causes a crash of the AMF application, disrupting its normal operation and potentially leading to a denial of service.
Reproduction
To reproduce this vulnerability, launch the OpenAirInterface AMF application version 2.2.0 in a Docker container on Ubuntu 22.04 Server. Once the AMF is running, send an NGAP message with an invalid procedure code or PDU type, such as one that expects 'InitiatingMessage' but is formatted as 'successfulOutcome'. The application will crash upon receiving the message.
Remediation
Users can update to OpenAirInterface AMF version 2.2.1, which includes a fix for this vulnerability by updating the NGAP procedure code handling to align with the latest 3GPP specifications.
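The mismatch described above can also be rejected before any procedure handler runs. The following is an added example, not OpenAirInterface code and not the 2.2.1 fix: a header gate that reads the PDU type and procedure code from the first two octets of an aligned-PER NGAP PDU and checks them against a table of what an AMF may receive. The names `check_ngap_header`, `RxRule` and `kAmfRxRules` are hypothetical, and the rule table is a constructed subset using procedure codes from 3GPP TS 38.413.

```cpp
#include <cstddef>
#include <cstdint>

// NGAP-PDU CHOICE alternatives (3GPP TS 38.413).
enum PduType { kInitiating = 0, kSuccessful = 1, kUnsuccessful = 2 };

enum class Verdict {
  Dispatch, Truncated, BadChoice, UnknownProcedure, UnexpectedPduType
};

// Which PDU types the AMF may receive from a gNB for a procedure code.
struct RxRule {
  uint8_t procedure_code;
  bool accept[3];  // indexed by PduType
};

// Constructed subset for illustration; a real table lists every procedure.
static const RxRule kAmfRxRules[] = {
    {14, {false, true, true}},   // InitialContextSetup: gNB answers the AMF
    {15, {true, false, false}},  // InitialUEMessage: gNB-initiated
    {21, {true, false, false}},  // NGSetup: gNB-initiated
    {29, {false, true, false}},  // PDUSessionResourceSetup: response only
    {46, {true, false, false}},  // UplinkNASTransport: gNB-initiated
};

// Inspect the first two octets of an aligned-PER NGAP PDU and decide whether
// the message may be handed to a procedure handler.
Verdict check_ngap_header(const uint8_t* buf, size_t len) {
  if (buf == nullptr || len < 2) return Verdict::Truncated;
  // Octet 0: bit 7 = extension flag, bits 6-5 = CHOICE index, bits 4-0 = padding.
  if (buf[0] & 0x80) return Verdict::BadChoice;
  if (buf[0] & 0x1F) return Verdict::BadChoice;  // strict: padding must be zero
  unsigned pdu_type = (buf[0] >> 5) & 0x03;
  if (pdu_type > kUnsuccessful) return Verdict::BadChoice;
  // Octet 1: procedureCode, INTEGER (0..255).
  for (const RxRule& rule : kAmfRxRules) {
    if (rule.procedure_code != buf[1]) continue;
    return rule.accept[pdu_type] ? Verdict::Dispatch
                                 : Verdict::UnexpectedPduType;
  }
  return Verdict::UnknownProcedure;
}
```

Any verdict other than `Dispatch` is a candidate for logging and an NGAP Error Indication rather than further decoding.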
