Cyber Resilience

CVE-2024-24442

High

Published: 21 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0028 (51.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-24442 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Cellularsecurity (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 48.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-24442 is a NULL pointer dereference vulnerability in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) versions up to v2.0.0. This flaw, classified under CWE-476, enables attackers to trigger a Denial of Service (DoS) condition through a specially crafted NGAP message. The vulnerability carries a CVSS v3.1 base score of 7.5, reflecting its high impact on availability with no effects on confidentiality or integrity.

Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. By sending a malicious NGAP message to the affected AMF component, an unauthenticated adversary can cause the application to crash, disrupting service availability in 5G core network environments relying on OpenAirInterface.

Mitigation details and patches are referenced in advisories available at http://openairinterface.com and https://cellularsecurity.org/ransacked. Security practitioners should consult these sources for upgrade guidance beyond oai-cn5g-amf v2.0.0.

Vulnerability details

A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message.

CWE(s)

CWE-476: NULL Pointer Dereference

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A NULL dereference in the public-facing AMF enables remote unauthenticated DoS via a crafted NGAP message, which maps directly to exploitation of a public-facing application and to application or system exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-32696 (Shared CWE-476)
CVE-2026-23148 (Shared CWE-476)
CVE-2026-33283 (Shared CWE-476)
CVE-2025-63655 (Shared CWE-476)
CVE-2025-14769 (Shared CWE-476)
CVE-2026-27651 (Shared CWE-476)
CVE-2026-42409 (Shared CWE-476)
CVE-2026-26829 (Shared CWE-476)
CVE-2026-29785 (Shared CWE-476)
CVE-2026-0918 (Shared CWE-476)

Affected Assets

Cellularsecurity
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates crafted NGAP messages to prevent null pointer dereferences that cause DoS crashes in the AMF handle_receive routine.

prevent

Ensures the system handles null pointer errors gracefully without compromising availability during NGAP message processing.

prevent, detect

Protects against DoS attacks triggered by malformed NGAP messages exploiting the null dereference vulnerability.
