CVE-2026-30077
Received Received - Intake
Crash Vulnerability in OpenAirInterface V2.2.0 AMF Decoder

Publication date: 2026-03-30

Last updated on: 2026-04-06

Assigner: MITRE

Description
OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-06
Generated
2026-06-16
AI Q&A
2026-03-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30077
EUVD
EUVD-2026-17142
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openairinterface openairinterface 2.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-30077 is a crash vulnerability in OpenAirInterface (OAI) AMF version 2.2.0 triggered when the AMF fails to decode certain NGAP messages.

Not all decode failures cause a crash, but for particular inputs, the AMF crashes due to improper memory management.

Specifically, the crash is caused by the program attempting to free stack-allocated memory, which leads to a use-after-free or invalid free error.

This improper freeing occurs in the function handling NGAP message decoding, causing the AMF process to terminate unexpectedly instead of handling the error gracefully.

Impact Analysis

This vulnerability can cause the OpenAirInterface AMF to crash unexpectedly when processing certain NGAP messages.

Such crashes can lead to denial of service conditions, disrupting the availability of the AMF component in a 5G network.

As the AMF is a critical network function, its unavailability can impact network operations and service continuity.

Detection Guidance

This vulnerability can be detected by monitoring the OpenAirInterface AMF version 2.2.0 for crashes triggered by NGAP message decode failures. Specifically, sending a crafted NGAP message with the hex stream `80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88` to the AMF can reproduce the crash.

To detect the issue on your system, you can run the AMF in a controlled environment (e.g., Ubuntu 22.04 within Docker) and send the specific NGAP message to it. Observe if the AMF process crashes upon receiving this input.

Suggested commands include:

  • Run the AMF in Docker: `docker run -it --rm openairinterface/oai-cn5g-amf:2.2.0`
  • Send the crafted NGAP message to the AMF via SCTP using a tool like `sctp_test` or a custom SCTP client that can send raw hex data.
  • Monitor the AMF logs and process status for crashes or abnormal termination.
Mitigation Strategies

Immediate mitigation involves avoiding the processing of malformed or unexpected NGAP messages that trigger the crash. Since the vulnerability is caused by improper memory management during NGAP message decoding, you should:

  • Restrict or filter incoming NGAP messages to prevent the specific malformed input from reaching the AMF.
  • Run the AMF in a monitored environment where crashes can be quickly detected and the service restarted.
  • Apply any available patches or updates from the OpenAirInterface project that address NGAP message handling and memory management.

Note that the referenced update in Resource 2 adjusts NGAP Procedure Codes for compliance but does not directly fix this crash vulnerability. Therefore, monitoring and filtering remain critical until a dedicated fix is released.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30077. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart