CVE-2026-30075: n/a
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).
AI Analysis
Technical Summary
CVE-2026-30075 describes a buffer overflow vulnerability in OpenAirInterface 2.2.0 when handling an UplinkNASTransport message containing an oversized Authentication Response NAS PDU (e.g., 100 bytes). The AMF decodes this response and forwards it to the AUSF component, which crashes upon receiving the oversized data. This crash leads to denial of service conditions by blocking user registration and verification processes.
Potential Impact
Successful exploitation causes the AUSF component to crash, resulting in denial of service that prevents users from completing registration and authentication. This disrupts normal network operations related to user access but does not indicate code execution or data breach from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, monitoring for anomalous oversized Authentication Response messages and applying any vendor-recommended temporary mitigations is advised.
CVE-2026-30075: n/a
Description
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-30075 describes a buffer overflow vulnerability in OpenAirInterface 2.2.0 when handling an UplinkNASTransport message containing an oversized Authentication Response NAS PDU (e.g., 100 bytes). The AMF decodes this response and forwards it to the AUSF component, which crashes upon receiving the oversized data. This crash leads to denial of service conditions by blocking user registration and verification processes.
Potential Impact
Successful exploitation causes the AUSF component to crash, resulting in denial of service that prevents users from completing registration and authentication. This disrupts normal network operations related to user access but does not indicate code execution or data breach from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, monitoring for anomalous oversized Authentication Response messages and applying any vendor-recommended temporary mitigations is advised.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-04T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d737031cc7ad14da4194cf
Added to database: 4/9/2026, 5:20:03 AM
Last enriched: 4/9/2026, 5:25:50 AM
Last updated: 4/10/2026, 5:44:32 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.