CVE-2024-24450

Name of the Vulnerable Software and Affected Versions OpenAirInterface CN5G AMF versions <= 2.0.0

Description The issue is a stack-based memcpy buffer overflow in the ngap handle pdu session resource setup response routine. This allows a remote attacker with access to the N2 interface to potentially carry out denial of service against the AMF and execute code by sending a PDU Session Resource Setup Response with a sufficiently large FailedToSetupList IE.

Recommendations For OpenAirInterface CN5G AMF versions <= 2.0.0, consider updating to a version that fixes this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.