PT-2025-2382 · Unknown · Openairinterface Cn5G Amf
Published: 2025-01-21 · Updated: 2025-01-22 · CVE-2024-24443
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
OpenAirInterface CN5G AMF (oai-cn5g-amf) versions up to v2.0.0
Description:
The issue is caused by an uninitialized pointer dereference in the `ngap_handle_pdu_session_resource_setup_response` routine. This allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.
Recommendations:
For versions up to v2.0.0, consider disabling the `ngap_handle_pdu_session_resource_setup_response` routine as a temporary workaround until a patch is available. Restrict access to the vulnerable routine to minimize the risk of exploitation. Avoid using crafted PDU Session Resource Setup Responses in the affected routine until the issue is resolved.
Fix
DoS
NULL Pointer Dereference
Affected Products
Openairinterface Cn5G Amf