CVE-2024-24445
Published: 21 January 2025
Summary
CVE-2024-24445 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Openairinterface (inferred from references). Its CVSS base score is 6.5 (Medium).
Operationally, ranked at the 38.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-21864
Vulnerability details
OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple…
more
is received that is unsupported, OAI indexes into a null function pointer and subsequently dereferences it.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.