Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).
AnalysisAI
Buffer overflow in OpenAirInterface 2.2.0 AUSF component crashes service when processing oversized NAS PDU Authentication Response via UplinkNASTransport messages. Unauthenticated remote attackers can send malformed authentication responses (e.g., 100-byte payloads exceeding expected bounds) triggering AUSF component crash, preventing legitimate user registration and verification. Affects 5G core network deployments using OpenAirInterface AUSF. No public exploit identified at time of analysis. CVSS 7.5 High severity due to network-accessible denial of service without authentication requirements.
Technical ContextAI
CWE-120 buffer overflow occurs in AUSF component's NAS PDU decoder when processing Authentication Response messages exceeding expected buffer size. AMF forwards oversized response to AUSF without validation, triggering memory corruption and component crash. Affects cn5g-ausf implementation in OpenAirInterface 5G Core Network stack.
RemediationAI
Review vendor issue tracker at https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-ausf/-/issues/6 for upstream fix status. Upstream fix available (issue #6); released patched version not independently confirmed at time of analysis. Recommended immediate actions: implement network-level input validation filtering oversized NAS PDU messages before reaching AUSF component, deploy rate limiting on UplinkNASTransport processing, monitor AUSF component health with automatic restart capability. For production 5G core deployments, isolate AUSF component with strict firewall rules permitting only authenticated AMF traffic. Consult official advisory at https://nvd.nist.gov/vuln/detail/CVE-2026-30075 for vendor updates. Subscribe to OpenAirInterface security notifications for patched release announcements.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20509