Skip to main content

CVE-2026-30077

| EUVDEUVD-2026-17142 HIGH
Improper Input Validation (CWE-20)
2026-03-30 mitre GHSA-p4x4-rw25-ghm6
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 30, 2026 - 17:45 euvd
EUVD-2026-17142
Analysis Generated
Mar 30, 2026 - 17:45 vuln.today
CVE Published
Mar 30, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88.

AnalysisAI

OpenAirInterface AMF version 2.2.0 crashes during message decoding when processing specific malformed input sequences, enabling a denial of service condition. A remote attacker can trigger a consistent crash by sending specially crafted hex-encoded packets (example: 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88) to the AMF component. No public exploit code has been identified, but the crash is reproducible with known input patterns.

Technical ContextAI

OpenAirInterface is an open-source implementation of 5G core network functions; the AMF (Access and Mobility Management Function) is a critical signaling component that processes incoming messages in the 5G architecture. The vulnerability exists in the message decoding logic, where certain binary sequences cause an unhandled exception or buffer overrun in the parser state machine. While not all decode failures trigger crashes, the deterministic nature of the failure for specific inputs suggests a bounds-checking or type-validation flaw in the decoding routine rather than random memory corruption.

RemediationAI

Upgrade OpenAirInterface AMF to a patched version following the fix applied in merge request 414 (https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf/-/merge_requests/414), which addresses the decoding crash. Users unable to upgrade immediately should implement network-level controls to filter or rate-limit malformed 5G messages at the ingress point, and monitor AMF process health for unexpected crashes. The underlying fix is expected to add bounds validation or exception handling in the message decoding path; review the merge request details and test the patched version in a lab environment before production deployment.

Share

CVE-2026-30077 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy