{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30075", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-08T16:43:29.076Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T16:43:29.076Z"}, "descriptions": [{"lang": "en", "value": "OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-ausf/-/issues?show=eyJpaWQiOiI2IiwiZnVsbF9wYXRoIjoib2FpL2NuNWcvb2FpLWNuNWctYXVzZiIsImlkIjo1NDE5fQ%3D%3D"}, {"url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-ausf/-/issues/6"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS)."}], "id": "CVE-2026-30075", "lastModified": "2026-04-08T21:26:13.410", "metrics": {}, "published": "2026-04-08T17:21:18.503", "references": [{"source": "cve@mitre.org", "url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-ausf/-/issues/6"}, {"source": "cve@mitre.org", "url": "https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-ausf/-/issues?show=eyJpaWQiOiI2IiwiZnVsbF9wYXRoIjoib2FpL2NuNWcvb2FpLWNuNWctYXVzZiIsImlkIjo1NDE5fQ%3D%3D"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"analysis": {"en": {"generated_at": "2026-04-08T19:21:39.978135+00:00", "value": {"mitigation_remediation": ["Upgrade to a newer OpenAirInterface release that patches the buffer overflow.", "If an immediate upgrade is not possible, restrict network access to the AMF to trusted entities and monitor for abnormal Authentication Response traffic.", "Consider applying a temporary network\u2010level filter to reject oversized NAS PDUs while awaiting a patch."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "OpenAirInterface software version\u202f2.2.0, specifically the AMF component that forwards Authentication Responses to the AUSF. No other vendors or versions are specified.", "description_and_impact": "The flaw is a buffer overflow triggered when the OpenAirInterface AMF processes a UplinkNASTransport carrying an Authentication Response whose NAS PDU is oversized, for example 100 bytes. The oversized payload is decoded by the AMF and then forwarded to the AUSF component for verification. Because the AUSF cannot handle the oversized data, it crashes, disrupting the authentication flow and preventing users from completing registration. The immediate impact is a denial of service to users relying on the affected network nodes.", "risk_and_exploitability": "The CVSS score is not provided, and EPSS data is unavailable, so the potential severity is known but exploitation likelihood is uncertain. The vulnerability is not listed in CISA\u2019s KEV catalog, suggesting it is not yet known to be exploited in the wild. However, the repository indicates a critical issue that causes a crash. Based on the description, it is inferred that the attacker must be able to send a crafted Authentication Response to the AMF over the network. The attack can cause a temporary or persistent denial of service to users, potentially impacting network availability."}}}}, "created": "2026-04-08T19:44:36.036905+00:00", "title": "Buffer Overflow in OpenAirInterface 2.2.0 Causes AUSF Crash and Denial of Service", "updated": "2026-04-08T19:44:36.036939+00:00", "vendors": [], "weaknesses": ["CWE-120"]}