Search criteria
20 vulnerabilities found for amf by omec-project
CVE-2026-9301 (GCVE-0-2026-9301)
Vulnerability from nvd – Published: 2026-05-23 13:00 – Updated: 2026-05-23 13:00
VLAI
Title
omec-project amf NGReset Message memory corruption
Summary
A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. It is recommended to apply a patch to fix this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365248 | vdb-entry |
| https://vuldb.com/vuln/365248/cti | signaturepermissions-required |
| https://vuldb.com/submit/811842 | third-party-advisory |
| https://github.com/omec-project/amf/issues/678 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGReset Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. It is recommended to apply a patch to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T13:00:15.365Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365248 | omec-project amf NGReset Message memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/365248"
},
{
"name": "VDB-365248 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365248/cti"
},
{
"name": "Submit #811842 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811842"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/678"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-22T19:50:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGReset Message memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9301",
"datePublished": "2026-05-23T13:00:15.365Z",
"dateReserved": "2026-05-22T17:45:04.449Z",
"dateUpdated": "2026-05-23T13:00:15.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9300 (GCVE-0-2026-9300)
Vulnerability from nvd – Published: 2026-05-23 11:45 – Updated: 2026-05-26 13:21
VLAI
Title
omec-project amf NGSetupRequest memory corruption
Summary
A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practice to apply a patch to resolve this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365247 | vdb-entry |
| https://vuldb.com/vuln/365247/cti | signaturepermissions-required |
| https://vuldb.com/submit/811841 | third-party-advisory |
| https://github.com/omec-project/amf/issues/679 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9300",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T13:21:13.115245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T13:21:23.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGSetupRequest Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practice to apply a patch to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T11:45:12.057Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365247 | omec-project amf NGSetupRequest memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/365247"
},
{
"name": "VDB-365247 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365247/cti"
},
{
"name": "Submit #811841 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811841"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/679"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-22T19:50:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGSetupRequest memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9300",
"datePublished": "2026-05-23T11:45:12.057Z",
"dateReserved": "2026-05-22T17:45:01.607Z",
"dateUpdated": "2026-05-26T13:21:23.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9299 (GCVE-0-2026-9299)
Vulnerability from nvd – Published: 2026-05-23 11:00 – Updated: 2026-05-23 11:00
VLAI
Title
omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption
Summary
A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and may be used. Applying a patch is the recommended action to fix this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365246 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365246/cti | signaturepermissions-required |
| https://vuldb.com/submit/811829 | third-party-advisory |
| https://github.com/omec-project/amf/issues/681 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and may be used. Applying a patch is the recommended action to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T11:00:14.603Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365246 | omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365246"
},
{
"name": "VDB-365246 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365246/cti"
},
{
"name": "Submit #811829 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811829"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/681"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-22T19:50:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9299",
"datePublished": "2026-05-23T11:00:14.603Z",
"dateReserved": "2026-05-22T17:44:58.828Z",
"dateUpdated": "2026-05-23T11:00:14.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9298 (GCVE-0-2026-9298)
Vulnerability from nvd – Published: 2026-05-23 10:30 – Updated: 2026-05-26 13:56
VLAI
Title
omec-project amf PathSwitchRequest memory corruption
Summary
A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365245 | vdb-entry |
| https://vuldb.com/vuln/365245/cti | signaturepermissions-required |
| https://vuldb.com/submit/811684 | third-party-advisory |
| https://github.com/omec-project/amf/issues/680 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9298",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T13:54:22.215377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T13:56:23.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"PathSwitchRequest Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T10:30:13.713Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365245 | omec-project amf PathSwitchRequest memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/365245"
},
{
"name": "VDB-365245 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365245/cti"
},
{
"name": "Submit #811684 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811684"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/680"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-22T19:50:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf PathSwitchRequest memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9298",
"datePublished": "2026-05-23T10:30:13.713Z",
"dateReserved": "2026-05-22T17:44:56.483Z",
"dateUpdated": "2026-05-26T13:56:23.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8783 (GCVE-0-2026-8783)
Vulnerability from nvd – Published: 2026-05-18 02:15 – Updated: 2026-05-18 19:27
VLAI
Title
omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference
Summary
A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364407 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364407/cti | signaturepermissions-required |
| https://vuldb.com/submit/811655 | third-party-advisory |
| https://github.com/omec-project/amf/issues/675 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8783",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T19:27:12.464881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T19:27:39.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/811655"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T02:15:11.485Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364407 | omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364407"
},
{
"name": "VDB-364407 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364407/cti"
},
{
"name": "Submit #811655 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811655"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/675"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8783",
"datePublished": "2026-05-18T02:15:11.485Z",
"dateReserved": "2026-05-17T09:56:04.123Z",
"dateUpdated": "2026-05-18T19:27:39.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8782 (GCVE-0-2026-8782)
Vulnerability from nvd – Published: 2026-05-18 02:00 – Updated: 2026-05-18 20:16
VLAI
Title
omec-project amf NGAP Message handler.go null pointer dereference
Summary
A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364406 | vdb-entry |
| https://vuldb.com/vuln/364406/cti | signaturepermissions-required |
| https://vuldb.com/submit/811654 | third-party-advisory |
| https://github.com/omec-project/amf/issues/674 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8782",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T20:15:48.680586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T20:16:19.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGAP Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T02:00:17.310Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364406 | omec-project amf NGAP Message handler.go null pointer dereference",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/364406"
},
{
"name": "VDB-364406 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364406/cti"
},
{
"name": "Submit #811654 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811654"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/674"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGAP Message handler.go null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8782",
"datePublished": "2026-05-18T02:00:17.310Z",
"dateReserved": "2026-05-17T09:56:01.676Z",
"dateUpdated": "2026-05-18T20:16:19.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8781 (GCVE-0-2026-8781)
Vulnerability from nvd – Published: 2026-05-18 01:45 – Updated: 2026-05-18 10:02
VLAI
Title
omec-project amf handler.go RANConfiguration null pointer dereference
Summary
A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364405 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364405/cti | signaturepermissions-required |
| https://vuldb.com/submit/811653 | third-party-advisory |
| https://github.com/omec-project/amf/issues/673 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8781",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T10:02:37.506803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T10:02:58.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T01:45:11.285Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364405 | omec-project amf handler.go RANConfiguration null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364405"
},
{
"name": "VDB-364405 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364405/cti"
},
{
"name": "Submit #811653 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811653"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/673"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf handler.go RANConfiguration null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8781",
"datePublished": "2026-05-18T01:45:11.285Z",
"dateReserved": "2026-05-17T09:55:58.968Z",
"dateUpdated": "2026-05-18T10:02:58.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8780 (GCVE-0-2026-8780)
Vulnerability from nvd – Published: 2026-05-18 01:30 – Updated: 2026-05-18 14:29
VLAI
Title
omec-project amf NGAP Message dispatcher.go memory corruption
Summary
A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364404 | vdb-entry |
| https://vuldb.com/vuln/364404/cti | signaturepermissions-required |
| https://vuldb.com/submit/811617 | third-party-advisory |
| https://github.com/omec-project/amf/issues/670 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T14:29:03.964979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:29:15.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGAP Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T01:30:14.757Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364404 | omec-project amf NGAP Message dispatcher.go memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/364404"
},
{
"name": "VDB-364404 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364404/cti"
},
{
"name": "Submit #811617 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811617"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/670"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGAP Message dispatcher.go memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8780",
"datePublished": "2026-05-18T01:30:14.757Z",
"dateReserved": "2026-05-17T09:55:56.216Z",
"dateUpdated": "2026-05-18T14:29:15.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8779 (GCVE-0-2026-8779)
Vulnerability from nvd – Published: 2026-05-18 01:15 – Updated: 2026-05-18 17:51
VLAI
Title
omec-project amf handler.go NGSetupRequest memory corruption
Summary
A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364403 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364403/cti | signaturepermissions-required |
| https://vuldb.com/submit/811616 | third-party-advisory |
| https://github.com/omec-project/amf/issues/671 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8779",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T14:31:09.511000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T17:51:33.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T01:15:12.132Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364403 | omec-project amf handler.go NGSetupRequest memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364403"
},
{
"name": "VDB-364403 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364403/cti"
},
{
"name": "Submit #811616 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811616"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/671"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf handler.go NGSetupRequest memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8779",
"datePublished": "2026-05-18T01:15:12.132Z",
"dateReserved": "2026-05-17T09:55:52.168Z",
"dateUpdated": "2026-05-18T17:51:33.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8349 (GCVE-0-2026-8349)
Vulnerability from nvd – Published: 2026-05-11 23:30 – Updated: 2026-05-12 16:46
VLAI
Title
omec-project amf NGAP Message memory corruption
Summary
A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/362663 | vdb-entry |
| https://vuldb.com/vuln/362663/cti | signaturepermissions-required |
| https://vuldb.com/submit/811475 | third-party-advisory |
| https://github.com/omec-project/amf/issues/672 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://hub.docker.com/layers/omecproject/5gc-amf… | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8349",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T16:46:28.224314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T16:46:42.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"NGAP Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T23:30:13.596Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-362663 | omec-project amf NGAP Message memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/362663"
},
{
"name": "VDB-362663 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/362663/cti"
},
{
"name": "Submit #811475 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811475"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/672"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://hub.docker.com/layers/omecproject/5gc-amf/rel-2.2.1/images/sha256-8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-11T18:33:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGAP Message memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8349",
"datePublished": "2026-05-11T23:30:13.596Z",
"dateReserved": "2026-05-11T16:28:46.399Z",
"dateUpdated": "2026-05-12T16:46:42.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9301 (GCVE-0-2026-9301)
Vulnerability from cvelistv5 – Published: 2026-05-23 13:00 – Updated: 2026-05-23 13:00
VLAI
Title
omec-project amf NGReset Message memory corruption
Summary
A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. It is recommended to apply a patch to fix this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365248 | vdb-entry |
| https://vuldb.com/vuln/365248/cti | signaturepermissions-required |
| https://vuldb.com/submit/811842 | third-party-advisory |
| https://github.com/omec-project/amf/issues/678 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGReset Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. It is recommended to apply a patch to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T13:00:15.365Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365248 | omec-project amf NGReset Message memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/365248"
},
{
"name": "VDB-365248 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365248/cti"
},
{
"name": "Submit #811842 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811842"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/678"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-22T19:50:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGReset Message memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9301",
"datePublished": "2026-05-23T13:00:15.365Z",
"dateReserved": "2026-05-22T17:45:04.449Z",
"dateUpdated": "2026-05-23T13:00:15.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9300 (GCVE-0-2026-9300)
Vulnerability from cvelistv5 – Published: 2026-05-23 11:45 – Updated: 2026-05-26 13:21
VLAI
Title
omec-project amf NGSetupRequest memory corruption
Summary
A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practice to apply a patch to resolve this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365247 | vdb-entry |
| https://vuldb.com/vuln/365247/cti | signaturepermissions-required |
| https://vuldb.com/submit/811841 | third-party-advisory |
| https://github.com/omec-project/amf/issues/679 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9300",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T13:21:13.115245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T13:21:23.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGSetupRequest Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practice to apply a patch to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T11:45:12.057Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365247 | omec-project amf NGSetupRequest memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/365247"
},
{
"name": "VDB-365247 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365247/cti"
},
{
"name": "Submit #811841 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811841"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/679"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-22T19:50:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGSetupRequest memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9300",
"datePublished": "2026-05-23T11:45:12.057Z",
"dateReserved": "2026-05-22T17:45:01.607Z",
"dateUpdated": "2026-05-26T13:21:23.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9299 (GCVE-0-2026-9299)
Vulnerability from cvelistv5 – Published: 2026-05-23 11:00 – Updated: 2026-05-23 11:00
VLAI
Title
omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption
Summary
A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and may be used. Applying a patch is the recommended action to fix this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365246 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365246/cti | signaturepermissions-required |
| https://vuldb.com/submit/811829 | third-party-advisory |
| https://github.com/omec-project/amf/issues/681 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and may be used. Applying a patch is the recommended action to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T11:00:14.603Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365246 | omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365246"
},
{
"name": "VDB-365246 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365246/cti"
},
{
"name": "Submit #811829 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811829"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/681"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-22T19:50:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9299",
"datePublished": "2026-05-23T11:00:14.603Z",
"dateReserved": "2026-05-22T17:44:58.828Z",
"dateUpdated": "2026-05-23T11:00:14.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9298 (GCVE-0-2026-9298)
Vulnerability from cvelistv5 – Published: 2026-05-23 10:30 – Updated: 2026-05-26 13:56
VLAI
Title
omec-project amf PathSwitchRequest memory corruption
Summary
A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365245 | vdb-entry |
| https://vuldb.com/vuln/365245/cti | signaturepermissions-required |
| https://vuldb.com/submit/811684 | third-party-advisory |
| https://github.com/omec-project/amf/issues/680 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9298",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T13:54:22.215377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T13:56:23.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"PathSwitchRequest Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T10:30:13.713Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365245 | omec-project amf PathSwitchRequest memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/365245"
},
{
"name": "VDB-365245 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365245/cti"
},
{
"name": "Submit #811684 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811684"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/680"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-22T19:50:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf PathSwitchRequest memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9298",
"datePublished": "2026-05-23T10:30:13.713Z",
"dateReserved": "2026-05-22T17:44:56.483Z",
"dateUpdated": "2026-05-26T13:56:23.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8783 (GCVE-0-2026-8783)
Vulnerability from cvelistv5 – Published: 2026-05-18 02:15 – Updated: 2026-05-18 19:27
VLAI
Title
omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference
Summary
A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364407 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364407/cti | signaturepermissions-required |
| https://vuldb.com/submit/811655 | third-party-advisory |
| https://github.com/omec-project/amf/issues/675 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8783",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T19:27:12.464881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T19:27:39.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/811655"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T02:15:11.485Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364407 | omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364407"
},
{
"name": "VDB-364407 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364407/cti"
},
{
"name": "Submit #811655 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811655"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/675"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8783",
"datePublished": "2026-05-18T02:15:11.485Z",
"dateReserved": "2026-05-17T09:56:04.123Z",
"dateUpdated": "2026-05-18T19:27:39.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8782 (GCVE-0-2026-8782)
Vulnerability from cvelistv5 – Published: 2026-05-18 02:00 – Updated: 2026-05-18 20:16
VLAI
Title
omec-project amf NGAP Message handler.go null pointer dereference
Summary
A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364406 | vdb-entry |
| https://vuldb.com/vuln/364406/cti | signaturepermissions-required |
| https://vuldb.com/submit/811654 | third-party-advisory |
| https://github.com/omec-project/amf/issues/674 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8782",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T20:15:48.680586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T20:16:19.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGAP Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T02:00:17.310Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364406 | omec-project amf NGAP Message handler.go null pointer dereference",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/364406"
},
{
"name": "VDB-364406 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364406/cti"
},
{
"name": "Submit #811654 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811654"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/674"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGAP Message handler.go null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8782",
"datePublished": "2026-05-18T02:00:17.310Z",
"dateReserved": "2026-05-17T09:56:01.676Z",
"dateUpdated": "2026-05-18T20:16:19.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8781 (GCVE-0-2026-8781)
Vulnerability from cvelistv5 – Published: 2026-05-18 01:45 – Updated: 2026-05-18 10:02
VLAI
Title
omec-project amf handler.go RANConfiguration null pointer dereference
Summary
A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364405 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364405/cti | signaturepermissions-required |
| https://vuldb.com/submit/811653 | third-party-advisory |
| https://github.com/omec-project/amf/issues/673 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8781",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T10:02:37.506803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T10:02:58.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T01:45:11.285Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364405 | omec-project amf handler.go RANConfiguration null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364405"
},
{
"name": "VDB-364405 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364405/cti"
},
{
"name": "Submit #811653 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811653"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/673"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf handler.go RANConfiguration null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8781",
"datePublished": "2026-05-18T01:45:11.285Z",
"dateReserved": "2026-05-17T09:55:58.968Z",
"dateUpdated": "2026-05-18T10:02:58.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8780 (GCVE-0-2026-8780)
Vulnerability from cvelistv5 – Published: 2026-05-18 01:30 – Updated: 2026-05-18 14:29
VLAI
Title
omec-project amf NGAP Message dispatcher.go memory corruption
Summary
A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364404 | vdb-entry |
| https://vuldb.com/vuln/364404/cti | signaturepermissions-required |
| https://vuldb.com/submit/811617 | third-party-advisory |
| https://github.com/omec-project/amf/issues/670 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T14:29:03.964979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:29:15.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGAP Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T01:30:14.757Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364404 | omec-project amf NGAP Message dispatcher.go memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/364404"
},
{
"name": "VDB-364404 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364404/cti"
},
{
"name": "Submit #811617 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811617"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/670"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGAP Message dispatcher.go memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8780",
"datePublished": "2026-05-18T01:30:14.757Z",
"dateReserved": "2026-05-17T09:55:56.216Z",
"dateUpdated": "2026-05-18T14:29:15.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8779 (GCVE-0-2026-8779)
Vulnerability from cvelistv5 – Published: 2026-05-18 01:15 – Updated: 2026-05-18 17:51
VLAI
Title
omec-project amf handler.go NGSetupRequest memory corruption
Summary
A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364403 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364403/cti | signaturepermissions-required |
| https://vuldb.com/submit/811616 | third-party-advisory |
| https://github.com/omec-project/amf/issues/671 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8779",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T14:31:09.511000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T17:51:33.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T01:15:12.132Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364403 | omec-project amf handler.go NGSetupRequest memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364403"
},
{
"name": "VDB-364403 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364403/cti"
},
{
"name": "Submit #811616 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811616"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/671"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf handler.go NGSetupRequest memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8779",
"datePublished": "2026-05-18T01:15:12.132Z",
"dateReserved": "2026-05-17T09:55:52.168Z",
"dateUpdated": "2026-05-18T17:51:33.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8349 (GCVE-0-2026-8349)
Vulnerability from cvelistv5 – Published: 2026-05-11 23:30 – Updated: 2026-05-12 16:46
VLAI
Title
omec-project amf NGAP Message memory corruption
Summary
A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue.
Severity
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/362663 | vdb-entry |
| https://vuldb.com/vuln/362663/cti | signaturepermissions-required |
| https://vuldb.com/submit/811475 | third-party-advisory |
| https://github.com/omec-project/amf/issues/672 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://hub.docker.com/layers/omecproject/5gc-amf… | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8349",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T16:46:28.224314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T16:46:42.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"NGAP Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T23:30:13.596Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-362663 | omec-project amf NGAP Message memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/362663"
},
{
"name": "VDB-362663 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/362663/cti"
},
{
"name": "Submit #811475 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811475"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/672"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://hub.docker.com/layers/omecproject/5gc-amf/rel-2.2.1/images/sha256-8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-11T18:33:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGAP Message memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8349",
"datePublished": "2026-05-11T23:30:13.596Z",
"dateReserved": "2026-05-11T16:28:46.399Z",
"dateUpdated": "2026-05-12T16:46:42.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}