Skip to main content

OMEC AMF CVE-2026-8779

| EUVDEUVD-2026-30724 LOW
Buffer Overflow (CWE-119)
2026-05-18 VulDB GHSA-fxvj-wqv2-xgcq
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
May 18, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
May 18, 2026 - 02:22 NVD
4.3 (MEDIUM) 2.1 (LOW)
Source Code Evidence Fetched
May 18, 2026 - 01:44 vuln.today
Analysis Generated
May 18, 2026 - 01:44 vuln.today

DescriptionCVE.org

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues.

AnalysisAI

Memory corruption in OMEC Project's Access and Mobility Management Function (AMF) allows authenticated remote attackers to crash the 5G core network component by sending crafted NGAP NG Setup Request messages with malformed InformationElement fields. Affects OMEC AMF versions up to 2.1.3-dev. Publicly available exploit code exists (GitHub issue #671), and vendor patch released in version 2.2.0. CVSS 4.3 (Low severity) reflects low availability impact, requiring authentication (PR:L), but real-world risk is moderate for 5G network operators given public POC and critical infrastructure role of AMF in mobile core networks.

Technical ContextAI

The vulnerability affects the NGAP (NG Application Protocol) handler in omec-project/amf, specifically the NGSetupRequest function in ngap/handler.go. NGAP is the control plane protocol between 5G RAN (Radio Access Network) and AMF in the 5G core. The root cause is CWE-119 (Improper Restriction of Operations within Bounds of Memory Buffer), manifesting as insufficient input validation when parsing NGAP Information Elements. The patch (PR #666) adds defensive nil checks and validates PLMN ID decoding in multiple handlers (gmm/handler.go, nas/nas_security/security.go, ngap/dispatcher.go), preventing memory corruption from malformed SUCI (Subscription Concealed Identifier) and other identity fields. The fix also sanitizes Prometheus metrics labels to prevent non-UTF-8 injection. CPE cpe:2.3:a:omec-project:amf identifies this as the OMEC (Open Mobile Evolved Core) project's AMF component, a critical 5G core network function used in O-RAN and SD-Core deployments.

RemediationAI

Upgrade to OMEC AMF version 2.2.0 or later, released by vendor with fix confirmed via GitHub tag at https://github.com/omec-project/amf/releases/tag/v2.2.0. The patch (PR #666 at https://github.com/omec-project/amf/pull/666) addresses multiple security issues including nil pointer dereference checks, PLMN ID validation, SUCI decoding error handling, and metrics label sanitization. If immediate upgrade is not feasible, implement network-level compensating controls: (1) Restrict NGAP (N2 interface) access to authenticated, trusted gNodeB/RAN equipment only via IPsec or dedicated VPN tunnels - blocks remote unauthenticated attackers but does not prevent exploitation by compromised RAN nodes; (2) Deploy AMF behind stateful firewall with strict SCTP connection tracking and rate limiting on NG Setup Request messages - mitigates DoS amplification but may impact legitimate RAN registration under load; (3) Enable verbose NGAP logging and monitor for malformed InformationElement errors or repeated NG Setup failures from specific RAN sources - provides detection signal but no prevention. Note that workarounds do not eliminate risk if attacker has valid RAN credentials (PR:L). Vendor patch is the only complete remediation.

More in Amf

View all
CVE-2025-69248 HIGH POC
7.5 Feb 23

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of fr

CVE-2026-14623 LOW POC
2.1 Jul 04

Denial of service in omec-project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows a low-privil

CVE-2026-14624 LOW POC
2.1 Jul 04

Denial of service in omec-project's 5G Access and Mobility Management Function (AMF) versions up to 2.0.2 and 2.1.1 allo

CVE-2026-8783 LOW POC
2.1 May 18

Null pointer dereference in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.3-dev allows a

CVE-2026-8782 LOW POC
2.1 May 18

Remote denial of service in omec-project AMF versions up to 2.1.3-dev allows authenticated attackers to crash the Access

CVE-2026-8781 LOW POC
2.1 May 18

Null pointer dereference in OMEC Project AMF versions up to 2.1.3-dev allows remote authenticated attackers to trigger d

CVE-2026-9301 LOW POC
2.1 May 23

Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticate

CVE-2026-9300 LOW POC
2.1 May 23

Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows networ

CVE-2026-9299 LOW POC
2.1 May 23

Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation

CVE-2026-9298 LOW POC
2.1 May 23

Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticat

CVE-2026-8780 LOW POC
2.1 May 18

Memory corruption in omec-project AMF versions up to 2.1.3-dev allows authenticated remote attackers to trigger low-seve

CVE-2026-8349 LOW POC
2.1 May 11

Memory corruption in OMEC Project AMF up to version 2.1.1 occurs in the NGAP Message Handler when processing malformed m

Share

CVE-2026-8779 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy