CVE-2026-30075

Source
https://cve.org/CVERecord?id=CVE-2026-30075
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30075.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-30075
Published
2026-04-08T00:00:00Z
Modified
2026-07-16T03:48:24.277178176Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30075.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf

Affected ranges

Type
GIT
Repo
https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf
Events
Introduced
5ad2873c649cb3da2702fb8c0748a77d79c51bf5
Last affected
5ad2873c649cb3da2702fb8c0748a77d79c51bf5
Database specific
{
    "cpe": "cpe:2.3:a:openairinterface:oai-cn5g-amf:2.2.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.2.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

2.*
2.2.0
v2.*
v2.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30075.json"