108 matches found
CVE-2026-37232
An issue was discovered in OpenAirInterface5G 2.4.0 nr-softmodem in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fillRRUPrbTotDl and fillRRUPrbTotUl in openair2/E2AP/RANFUNCTION/O-RAN/ranfunckpmsubs.c lines 182 and 197 compute PRB usage percentages by dividing by...
CVE-2026-30080
OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...
CVE-2026-30075
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response For example 100 byte. The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes o...
EUVD-2026-20509
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response For example 100 byte. The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes o...
CVE-2026-30080
OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...
CVE-2026-30075
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response For example 100 byte. The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes o...
CVE-2026-30079
In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...
OpenAirInterface 安全漏洞
OpenAirInterface is a mobile communication network software platform developed by the French company OpenAirInterface. Version 2.2.0 of OpenAirInterface contains a security vulnerability. This vulnerability stems from accepting messages in a secure mode without integrity protection, which may lea...
CVE-2026-30080
OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...
PT-2026-31326
Name of the Vulnerable Software and Affected Versions OpenAirInterface version 2.2.0 Description OpenAirInterface version 2.2.0 allows Security Mode Complete without integrity protection. Despite supporting integrity protection configurations NIA1 and NIA2, the system accepts initial registration...
CVE-2026-30075
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response For example 100 byte. The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes o...
OpenAirInterface 安全漏洞
OpenAirInterface is a mobile communication network software platform developed by the French company OpenAirInterface. Version 2.2.0 of OpenAirInterface contains a security vulnerability. This vulnerability stems from a buffer overflow issue when processing UplinkNASTransport messages that contai...
CVE-2026-30080
OpenAirInterface v2.2.0 is affected: the system accepts Security Mode Complete without integrity protection, downgrading from supported integrity configurations (NIA1/NIA2) to a capability IA0 during initial registration. This can enable replay attacks. Red Hat ENISA/NVD entries corroborate the d...
CVE-2026-30075
OpenAirInterface 2.2.0 is affected by a buffer overflow in UplinkNASTransport processing of an Authentication Response containing an oversized NAS PDU (example: 100 bytes). The AUSF may crash, potentially denying new registrations/verification and causing DoS. Remediation: update to a newer OpenA...
EUVD-2026-19642
In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...
CVE-2026-30079
In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...
OpenAirInterface 安全漏洞
OpenAirInterface is a mobile communication network software platform developed by the French company OpenAirInterface. OpenAirInterface V2.2.0 AMF contains a security vulnerability. This vulnerability stems from an incorrect message sequence, which leads to incorrect state transitions during the ...
CVE-2026-30079
OpenAirInterface OpenAirInterface V2.2.0 AMF is affected by CVE-2026-30079 due to out-of-sequence messages that derail UE registration state transitions. Specifically, sending SecurityModeComplete after InitialUERegistration can trigger a registration reject followed by accept, allowing the UE to...
CVE-2026-30079
In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...
CVE-2026-30079
In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...