Home

Description

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.

PUBLISHED Reserved 2026-05-17 | Published 2026-05-18 | Updated 2026-05-18 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4.0AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Problem types

Memory Corruption

Product status

2.1.3-dev
affected

2.2.0
unaffected

Timeline

2026-05-17:Advisory disclosed
2026-05-17:VulDB entry created
2026-05-17:VulDB entry last update

Credits

shovon0203 (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/364404 (VDB-364404 | omec-project amf NGAP Message dispatcher.go memory corruption) vdb-entry

vuldb.com/vuln/364404/cti (VDB-364404 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/submit/811617 (Submit #811617 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption) third-party-advisory

github.com/omec-project/amf/issues/670 exploit issue-tracking

github.com/omec-project/amf/pull/666 issue-tracking patch

github.com/omec-project/amf/releases/tag/v2.2.0 patch

github.com/omec-project/amf/ product

cve.org (CVE-2026-8780)

nvd.nist.gov (CVE-2026-8780)

Download JSON