Cyber Posture

CVE-2024-24451

High

Published: 21 January 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0188 (83.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.

Security Summary

CVE-2024-24451 is a stack overflow vulnerability (CWE-120) in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to version v2.0.0. Published on 2025-01-21, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): a network attack vector, low attack complexity, no privileges or user interaction required, and a high impact on availability only.

Unauthenticated attackers can exploit the vulnerability remotely by repeatedly establishing SCTP connections to the N2 interface, triggering the stack overflow and causing a Denial of Service (DoS) that crashes the affected component.

Mitigation details are available in advisories from OpenAirInterface at http://openairinterface.com and the Cellular Security Research Group at https://cellularsecurity.org/ransacked.

Details

CWE(s)
CWE-120