CVE-2024-24445

Name of the Vulnerable Software and Affected Versions: OpenAirInterface CN5G AMF (oai-cn5g-amf) version 2.0.0 and earlier

Description: The issue is related to a null dereference in the handling of unsupported NGAP protocol messages. When a procedure code/presence field tuple is received that is unsupported, the software indexes into a null function pointer and subsequently dereferences it. This allows an attacker with network-adjacent access to the AMF to carry out a denial of service.

Recommendations: For OpenAirInterface CN5G AMF (oai-cn5g-amf) version 2.0.0 and earlier, consider disabling the handling of unsupported NGAP protocol messages until a patch is available. Restrict access to the AMF to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.