CVE-2026-30077

Source
https://cve.org/CVERecord?id=CVE-2026-30077
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30077.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-30077
Published
2026-03-30T00:00:00Z
Modified
2026-07-16T03:48:24.084630166Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30077.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf

Affected ranges

Type
GIT
Repo
https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-amf
Events
Introduced
5ad2873c649cb3da2702fb8c0748a77d79c51bf5
Last affected
5ad2873c649cb3da2702fb8c0748a77d79c51bf5
Database specific
{
    "cpe": "cpe:2.3:a:openairinterface:openairinterface:2.2.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.2.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

2.*
2.2.0
v2.*
v2.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30077.json"