CVE-2026-30075

Name of the Vulnerable Software and Affected Versions OpenAirInterface version 2.2.0

Description OpenAirInterface version 2.2.0 contains a buffer overflow issue when processing an UplinkNASTransport with an Authentication Response containing an oversized NAS PDU (for example, 100 bytes). The response is decoded by the AMF and passed to the AUSF component for verification. The AUSF component crashes when receiving this oversized response, potentially leading to a denial of service (DoS) and preventing users from completing registration and verification.

Recommendations Update to a newer version of OpenAirInterface that addresses this issue. As a temporary workaround, consider filtering or limiting the size of Authentication Responses received by the AUSF component.