CVE-2024-24445

Feb. 18, 2025, 9:15 p.m.

None
No Score

Description

OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is unsupported, OAI indexes into a null function pointer and subsequently dereferences it.

Product(s) Impacted

Product Versions
OpenAirInterface CN5G AMF
  • <= 2.0.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-476
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

http://openairinterface.com
https://cellularsecurity.org/ransacked

Tags

cve@mitre.org
CWE-476
2025-01-21
CVE-2024-24445

Timeline

Published: Jan. 21, 2025, 10:15 p.m.
Last Modified: Feb. 18, 2025, 9:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.