CVE-2024-24444

Feb. 10, 2025, 10:15 p.m.

7.5
High

Description

Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

Product(s) Impacted

Product Versions
OpenAirInterface CN5G AMF
  • ['up to v2.0.0']
OpenAirInterface CN5G AMF (oai-cn5g-amf)
  • ['up to v2.0.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-775
Missing Release of File Descriptor or Handle after Effective Lifetime
The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.

References

http://openairinterface.com
https://cellularsecurity.org/ransacked
https://cellularsecurity.org/ransacked

Tags

cve@mitre.org
2025-01-21
CVE-2024-24444
CWE-775

CVSS Score

7.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Jan. 21, 2025, 10:15 p.m.
Last Modified: Feb. 10, 2025, 10:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.