CVE-2026-44475

CVE-2026-44475 affects Ella Core (private 5G core). Prior to version 1.10.0, the PathSwitchRequest handling does not verify UE Security Capabilities against locally stored values, allowing a malicious gNB to overwrite a UE’s security capabilities with arbitrary values via a crafted PathSwitchRequ...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the NGAP handover failure message processing. An attacker can cause the service to crash and disrupt connectivity for all users by forcing a gNodeB to send NGAP handover failure messages. Remediation Upgrade...

PT-2025-36506

Name of the Vulnerable Software and Affected Versions: Open5GS versions through 2.7.5 Description: An assertion failure in the ngap build downlink nas transport function within the src/amf/ngap-build.c file, part of the Access and Mobility Management Function AMF component, can lead to a denial o...

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a security vulnerability that can be exploited by an attacker to cause reachable assertions via the function ngapbuilddownlinknastransport in the...

CVE-2024-24426

Reachable assertions in the NGAPFINDPROTOCOLIEBYID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service DoS via a crafted NGAP packet...

CVE-2024-24445

OpenAirInterface CN5G AMF oai-cn5g-amf = 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is...

CVE-2024-24445

OpenAirInterface CN5G AMF oai-cn5g-amf = 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is...

SUSE CVE-2024-24426

Reachable assertions in the NGAPFINDPROTOCOLIEBYID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service DoS via a crafted NGAP packet...

PT-2024-20400 · Unknown · Openairinterface Cn5G Amf

Name of the Vulnerable Software and Affected Versions: OpenAirInterface CN5G AMF versions = 2.0.0 Description: The issue is a stack-based memcpy buffer overflow in the ngap handle pdu session resource setup response routine. This allows a remote attacker with access to the N2 interface to...