Description

A vulnerability was found in omec-project amf up to 2.1.3-dev. It affects the function NGSetupRequest in the file ngap/handler.go. Manipulating the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. Upgrading the affected component to version 2.2.0 is recommended to address this issue. The same pull request fixes multiple security issues.

PUBLISHED Reserved 2026-05-17 | Published 2026-05-18 | Updated 2026-05-18 | Assigner VulDB




MEDIUM: 5.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
MEDIUM: 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4.0 | AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Problem types

Memory Corruption

Product status

2.1.3-dev: affected

2.2.0: unaffected

Timeline

2026-05-17: Advisory disclosed
2026-05-17: VulDB entry created
2026-05-17: VulDB entry last update

Credits

shovon0203 (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/364403 (VDB-364403 | omec-project amf handler.go NGSetupRequest memory corruption) vdb-entry technical-description

vuldb.com/vuln/364403/cti (VDB-364403 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/submit/811616 (Submit #811616 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption) third-party-advisory

github.com/omec-project/amf/issues/671 exploit issue-tracking

github.com/omec-project/amf/pull/666 issue-tracking patch

github.com/omec-project/amf/releases/tag/v2.2.0 patch

github.com/omec-project/amf/ product

cve.org (CVE-2026-8779)

nvd.nist.gov (CVE-2026-8779)
