Tasnim

Name of the Vulnerable Software and Affected Versions OpenAirInterface version 2.2.0 Description OpenAirInterface V2.2.0 AMF is susceptible to a crash when processing NGAP messages containing invalid procedure codes or PDU-types. This occurs, for example, when a message expects an 'InitiatingMessage' but receives a 'successfulOutcome' instead. Recommendations Update to a newer version of OpenAirInterface that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenAirInterface version 2.2.0 **Description** The AMF component within OpenAirInterface experiences crashes when it encounters failures during message decoding. While not all decoding failures lead to a crash, specific inputs consistently trigger the issue. An example of a crashing input, represented in hexadecimal stream, is '80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88'. **Recommendations** Update to a newer version of OpenAirInterface that addresses the message decoding issue in the AMF component.