Skip to main content

OMEC Project AMF CVE-2026-8349

LOW
Buffer Overflow (CWE-119)
2026-05-11 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
May 12, 2026 - 00:22 NVD
MEDIUM LOW
CVSS changed
May 12, 2026 - 00:22 NVD
4.3 (MEDIUM) 2.1 (LOW)
Source Code Evidence Fetched
May 12, 2026 - 00:00 vuln.today
Analysis Generated
May 12, 2026 - 00:00 vuln.today
CVE Published
May 11, 2026 - 23:30 nvd
MEDIUM 4.3

DescriptionCVE.org

A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue.

AnalysisAI

Memory corruption in OMEC Project AMF up to version 2.1.1 occurs in the NGAP Message Handler when processing malformed mobile identity payloads, allowing authenticated remote attackers to cause denial of service through buffer overflow. Publicly available exploit code exists; vendor released patched version 2.2.0 via GitHub PR #666. CVSS 4.3 (low severity) reflects authentication requirement (PR:L) and availability-only impact, but real-world exploitation risk depends on deployment context.

Technical ContextAI

OMEC Project AMF (Access and Mobility Management Function) is a 5G core network component implementing the NGAP (NG Application Protocol) for RAN (Radio Access Network) communication. The vulnerability exists in the NGAP Message Handler's processing of mobile identity payloads, specifically in functions that parse SUCI (Subscription Concealed Identifier) and MobileIdentity5GS structures. CWE-119 (improper restriction of operations within the bounds of a memory buffer) indicates missing bounds checks when decoding variable-length identity fields. The root cause appears to be insufficient validation of decoded SUCI data before assignment to user equipment context (ue.PlmnId), combined with unsafe handling of nil pointers and empty identity buffers in the NGAP dispatcher and NAS security layers.

RemediationAI

Upgrade OMEC Project AMF to version 2.2.0 or later immediately. The patch is available via GitHub PR #666 (https://github.com/omec-project/amf/pull/666) and Docker Hub (omecproject/5gc-amf:rel-2.2.1). The fix adds explicit error handling for SUCI decoding failures in gmm/handler.go (HandleRegistrationRequest and HandleIdentityResponse functions), null-pointer validation in ngap/dispatcher.go (DispatchLb and NgapMsgHandler), and bounds checking in nas/nas_security/security.go. If immediate upgrade is not feasible, implement network-level mitigations: restrict NGAP connections to trusted RAN nodes only via firewall rules, disable unnecessary identity response features if supported by the deployment, and monitor NGAP logs for malformed mobile identity messages. Note that authentication is required (PR:L) - the attacker must have valid AMF connection credentials or compromise RAN identity trust anchors. Docker-based deployments should pull the updated image tag rel-2.2.1 or later; source deployments should rebuild from the patched version tag in the omec-project/amf GitHub repository.

More in Amf

View all
CVE-2025-69248 HIGH POC
7.5 Feb 23

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of fr

CVE-2026-14623 LOW POC
2.1 Jul 04

Denial of service in omec-project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows a low-privil

CVE-2026-14624 LOW POC
2.1 Jul 04

Denial of service in omec-project's 5G Access and Mobility Management Function (AMF) versions up to 2.0.2 and 2.1.1 allo

CVE-2026-8783 LOW POC
2.1 May 18

Null pointer dereference in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.3-dev allows a

CVE-2026-8782 LOW POC
2.1 May 18

Remote denial of service in omec-project AMF versions up to 2.1.3-dev allows authenticated attackers to crash the Access

CVE-2026-8781 LOW POC
2.1 May 18

Null pointer dereference in OMEC Project AMF versions up to 2.1.3-dev allows remote authenticated attackers to trigger d

CVE-2026-9301 LOW POC
2.1 May 23

Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticate

CVE-2026-9300 LOW POC
2.1 May 23

Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows networ

CVE-2026-9299 LOW POC
2.1 May 23

Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation

CVE-2026-9298 LOW POC
2.1 May 23

Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticat

CVE-2026-8780 LOW POC
2.1 May 18

Memory corruption in omec-project AMF versions up to 2.1.3-dev allows authenticated remote attackers to trigger low-seve

CVE-2026-8779 LOW POC
2.1 May 18

Memory corruption in OMEC Project's Access and Mobility Management Function (AMF) allows authenticated remote attackers

Share

CVE-2026-8349 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy