CVE-2026-30077
Crash Vulnerability in OpenAirInterface V2.2.0 AMF Decoder
Publication date: 2026-03-30
Last updated on: 2026-04-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openairinterface | openairinterface | 2.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30077 is a crash vulnerability in OpenAirInterface (OAI) AMF version 2.2.0 triggered when the AMF fails to decode certain NGAP messages.
Not all decode failures cause a crash, but for particular inputs, the AMF crashes due to improper memory management.
Specifically, the crash is caused by the program attempting to free stack-allocated memory, which leads to a use-after-free or invalid free error.
This improper freeing occurs in the function handling NGAP message decoding, causing the AMF process to terminate unexpectedly instead of handling the error gracefully.
How can this vulnerability impact me? :
This vulnerability can cause the OpenAirInterface AMF to crash unexpectedly when processing certain NGAP messages.
Such crashes can lead to denial of service conditions, disrupting the availability of the AMF component in a 5G network.
As the AMF is a critical network function, its unavailability can impact network operations and service continuity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the OpenAirInterface AMF version 2.2.0 for crashes triggered by NGAP message decode failures. Specifically, sending a crafted NGAP message with the hex stream `80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88` to the AMF can reproduce the crash.
To detect the issue on your system, you can run the AMF in a controlled environment (e.g., Ubuntu 22.04 within Docker) and send the specific NGAP message to it. Observe if the AMF process crashes upon receiving this input.
Suggested commands include:
- Run the AMF in Docker: `docker run -it --rm openairinterface/oai-cn5g-amf:2.2.0`
- Send the crafted NGAP message to the AMF via SCTP using a tool like `sctp_test` or a custom SCTP client that can send raw hex data.
- Monitor the AMF logs and process status for crashes or abnormal termination.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves avoiding the processing of malformed or unexpected NGAP messages that trigger the crash. Since the vulnerability is caused by improper memory management during NGAP message decoding, you should:
- Restrict or filter incoming NGAP messages to prevent the specific malformed input from reaching the AMF.
- Run the AMF in a monitored environment where crashes can be quickly detected and the service restarted.
- Apply any available patches or updates from the OpenAirInterface project that address NGAP message handling and memory management.
Note that the referenced update in Resource 2 adjusts NGAP Procedure Codes for compliance but does not directly fix this crash vulnerability. Therefore, monitoring and filtering remain critical until a dedicated fix is released.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.