AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-24426: Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation

highvulnerability

security

Source: NVD/CVE DatabaseNovember 15, 2024CVE-2024-24426

Summary

CVE-2024-24426 is a vulnerability in OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 where attackers can trigger reachable assertions (checks that crash the program if they fail) in the NGAP_FIND_PROTOCOLIE_BY_ID function by sending a specially crafted NGAP packet (a message used in cellular networks), causing a Denial of Service attack (making the service unavailable to legitimate users). The vulnerability has not yet received an official CVSS severity rating from NIST.

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-78

CAPEC (Attack Pattern)

CAPEC-88

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-24426

First tracked: February 15, 2026 at 08:49 PM

Classified by LLM (prompt v3) · confidence: 95%