Skip to main content

omec-project AMF CVE-2026-8780

| EUVDEUVD-2026-30727 LOW
Buffer Overflow (CWE-119)
2026-05-18 VulDB GHSA-3x4g-259h-5p7c
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Source Code Evidence Fetched
May 18, 2026 - 02:29 vuln.today
Analysis Generated
May 18, 2026 - 02:29 vuln.today
Severity Changed
May 18, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
May 18, 2026 - 02:22 NVD
4.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.

AnalysisAI

Memory corruption in omec-project AMF versions up to 2.1.3-dev allows authenticated remote attackers to trigger low-severity availability impact via malformed NGAP messages. The vulnerability resides in ngap/dispatcher.go where insufficient null-pointer validation and input sanitization in the NGAP message handler permits memory corruption. Public exploit code exists (GitHub issue #670) with vendor-released fix in version 2.2.0. Despite CVSS 2.1 base score, exploitation probability is low (CVSS:4.0 E:P indicates POC exists) and impact limited to partial availability degradation - authentication required (PR:L) and no confidentiality or integrity impact (VC:N/VI:N).

Technical ContextAI

The vulnerability affects the 5G Access and Mobility Management Function (AMF) component from the Open Networking Foundation's OMEC project, specifically the NGAP (Next Generation Application Protocol) message dispatcher in ngap/dispatcher.go. NGAP is the control-plane signaling protocol between 5G RAN (Radio Access Network) and the core network AMF. The flaw is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), manifesting as missing null-pointer checks before dereferencing SCTP load-balancer messages, RAN context objects, NGAP PDU structures, and mobile identity fields. Source code evidence from PR #666 shows multiple functions (dispatchLb, DispatchNgapMsg, NgapMsgHandler, FetchUeContextWithMobileIdentity) lacked defensive validation, allowing null or malformed data to propagate into memory operations. The patch adds explicit nil-checks and UTF-8 sanitization for Prometheus telemetry labels, preventing crashes from invalid SUCI (Subscription Concealed Identifier) parsing and malformed 5G mobile identity payloads. CPE cpe:2.3:a:omec-project:amf identifies the affected software as the standalone AMF network function implementation.

RemediationAI

Upgrade to omec-project AMF version 2.2.0 or later, which includes comprehensive input validation fixes via pull request #666 (https://github.com/omec-project/amf/pull/666). The patch adds null-pointer checks in dispatchLb, DispatchNgapMsg, NgapMsgHandler, and FetchUeContextWithMobileIdentity functions, plus UTF-8 validation for telemetry labels and error handling for malformed SUCI parsing. Release artifact available at https://github.com/omec-project/amf/releases/tag/v2.2.0. If immediate upgrade is infeasible, implement network-level controls: restrict NGAP connectivity to authenticated, trusted gNodeB endpoints only via firewall rules limiting TCP/SCTP port access to the AMF NGAP listener, deploy intrusion detection signatures to detect malformed NGAP message patterns (specifically null or undersized MobileIdentity5GSContents fields), and enable verbose NGAP message logging to detect exploitation attempts manifesting as repeated memory corruption errors or AMF process crashes. Note that restricting NGAP access breaks core 5G network functionality, so this is temporary defense-in-depth only - patching to 2.2.0 is the definitive fix. Monitor AMF process health and restart policies to ensure service resilience against potential crash-based denial of service during the vulnerable window.

More in Amf

View all
CVE-2025-69248 HIGH POC
7.5 Feb 23

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of fr

CVE-2026-14623 LOW POC
2.1 Jul 04

Denial of service in omec-project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows a low-privil

CVE-2026-14624 LOW POC
2.1 Jul 04

Denial of service in omec-project's 5G Access and Mobility Management Function (AMF) versions up to 2.0.2 and 2.1.1 allo

CVE-2026-8783 LOW POC
2.1 May 18

Null pointer dereference in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.3-dev allows a

CVE-2026-8782 LOW POC
2.1 May 18

Remote denial of service in omec-project AMF versions up to 2.1.3-dev allows authenticated attackers to crash the Access

CVE-2026-8781 LOW POC
2.1 May 18

Null pointer dereference in OMEC Project AMF versions up to 2.1.3-dev allows remote authenticated attackers to trigger d

CVE-2026-9301 LOW POC
2.1 May 23

Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticate

CVE-2026-9300 LOW POC
2.1 May 23

Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows networ

CVE-2026-9299 LOW POC
2.1 May 23

Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation

CVE-2026-9298 LOW POC
2.1 May 23

Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticat

CVE-2026-8779 LOW POC
2.1 May 18

Memory corruption in OMEC Project's Access and Mobility Management Function (AMF) allows authenticated remote attackers

CVE-2026-8349 LOW POC
2.1 May 11

Memory corruption in OMEC Project AMF up to version 2.1.1 occurs in the NGAP Message Handler when processing malformed m

Share

CVE-2026-8780 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy