AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-24443: An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface

mediumvulnerability

security

Source: NVD/CVE DatabaseJanuary 21, 2025CVE-2024-24443

Summary

CVE-2024-24443 is a vulnerability in OpenAirInterface CN5G AMF (a component that manages mobile network connections) up to version 2.0.0 where an uninitialized pointer dereference (using a memory address that hasn't been properly set up) in a specific routine allows attackers to cause a Denial of Service attack by sending a crafted PDU Session Resource Setup Response (a specially designed network message).

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-476

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-24443

First tracked: February 15, 2026 at 08:49 PM

Classified by LLM (prompt v3) · confidence: 95%