Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88.
AnalysisAI
OpenAirInterface AMF version 2.2.0 crashes during message decoding when processing specific malformed input sequences, enabling a denial of service condition. A remote attacker can trigger a consistent crash by sending specially crafted hex-encoded packets (example: 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88) to the AMF component. No public exploit code has been identified, but the crash is reproducible with known input patterns.
Technical ContextAI
OpenAirInterface is an open-source implementation of 5G core network functions; the AMF (Access and Mobility Management Function) is a critical signaling component that processes incoming messages in the 5G architecture. The vulnerability exists in the message decoding logic, where certain binary sequences cause an unhandled exception or buffer overrun in the parser state machine. While not all decode failures trigger crashes, the deterministic nature of the failure for specific inputs suggests a bounds-checking or type-validation flaw in the decoding routine rather than random memory corruption.
RemediationAI
Upgrade OpenAirInterface AMF to a patched version following the fix applied in merge request 414 (https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414), which addresses the decoding crash. Users unable to upgrade immediately should implement network-level controls to filter or rate-limit malformed 5G messages at the ingress point, and monitor AMF process health for unexpected crashes. The underlying fix is expected to add bounds validation or exception handling in the message decoding path; review the merge request details and test the patched version in a lab environment before production deployment.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17142
GHSA-p4x4-rw25-ghm6