Amf
Monthly
Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticated remote attackers to corrupt memory by sending malformed NGReset messages to the 5G core network component. The vulnerability stems from insufficient validation of PLMN ID strings in SUCI (Subscription Concealed Identifier) processing within the NGReset message handler. Public exploit code exists (GitHub issue #678), and vendor patch is available (PR #666 upgrading to version 2.2.0). EPSS data not available but exploit code publication increases real-world exploitation likelihood for targeted attacks against 5G core infrastructure.
Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows network-adjacent authenticated attackers to corrupt process memory via crafted NGAP messages or malformed SUCI values, affecting confidentiality, integrity, and availability. The vulnerability stems from missing nil-pointer guards in the NGAP dispatcher and absent input validation when parsing Subscription Concealed Identifiers (SUCI) during UE registration and identity response flows. Exploit code has been publicly disclosed (GitHub issue #679), and no public exploit identified at time of analysis confirms active KEV exploitation, though the CVSS temporal vector E:P confirms proof-of-concept availability.
Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation via crafted NGAP PDUSessionResourceModifyIndication messages, allowing low-privileged attackers to achieve partial confidentiality, integrity, and availability impact on the Access and Mobility Management Function. A publicly available exploit exists (confirmed by CVSS E:P and GitHub issue #681), and an official vendor patch has been released in version 2.2.0 via PR #666. No CISA KEV listing was identified at time of analysis, so active widespread exploitation is not confirmed.
Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticated remote attackers to corrupt memory by sending crafted NGAP or NAS messages targeting the PathSwitchRequest handler and related message processing paths. The CVSS vector (AV:N/AC:L/PR:L/UI:N/C:L/I:L/A:L) indicates low-complexity network exploitation requiring only low-privilege credentials, with partial impacts across confidentiality, integrity, and availability. Publicly available exploit code exists (confirmed by GitHub issue #680 and the E:P temporal modifier); no active exploitation is confirmed in CISA KEV.
Null pointer dereference in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.3-dev allows authenticated remote attackers to trigger denial of service via crafted NGAP UERadioCapabilityCheckResponse messages. The vulnerability exists in ngap/dispatcher.go where insufficient null pointer validation permits exploitation through the 5G network interface. Public exploit code exists (GitHub issue #675), and vendor-released patch v2.2.0 is available via PR #666, which also addresses multiple related security issues in NGAP message handling and mobile identity parsing.
Remote denial of service in omec-project AMF versions up to 2.1.3-dev allows authenticated attackers to crash the Access and Mobility Management Function via crafted NGAP messages that trigger null pointer dereference in ngap/handler.go. Public exploit code exists (GitHub issue #674). Affects OMEC 5G core network deployments. Patched in version 2.2.0 via PR #666, which addresses multiple security issues including malformed SUCI handling and missing null checks across NGAP message parsing.
Null pointer dereference in OMEC Project AMF versions up to 2.1.3-dev allows remote authenticated attackers to trigger denial of service via crafted NGAP messages to the RANConfiguration function. The vulnerability (CVE-2026-8781) affects the Access and Mobility Management Function component of the Open Mobile Evolved Core, a critical element in 5G networks. Publicly available exploit code exists (GitHub issue #673), but CVSS 2.1 (Low) reflects limited availability impact and low-privilege authentication requirement. Vendor-released patch: version 2.2.0 (GitHub PR #666).
Memory corruption in omec-project AMF versions up to 2.1.3-dev allows authenticated remote attackers to trigger low-severity availability impact via malformed NGAP messages. The vulnerability resides in ngap/dispatcher.go where insufficient null-pointer validation and input sanitization in the NGAP message handler permits memory corruption. Public exploit code exists (GitHub issue #670) with vendor-released fix in version 2.2.0. Despite CVSS 2.1 base score, exploitation probability is low (CVSS:4.0 E:P indicates POC exists) and impact limited to partial availability degradation - authentication required (PR:L) and no confidentiality or integrity impact (VC:N/VI:N).
Memory corruption in OMEC Project's Access and Mobility Management Function (AMF) allows authenticated remote attackers to crash the 5G core network component by sending crafted NGAP NG Setup Request messages with malformed InformationElement fields. Affects OMEC AMF versions up to 2.1.3-dev. Publicly available exploit code exists (GitHub issue #671), and vendor patch released in version 2.2.0. CVSS 4.3 (Low severity) reflects low availability impact, requiring authentication (PR:L), but real-world risk is moderate for 5G network operators given public POC and critical infrastructure role of AMF in mobile core networks.
Memory corruption in OMEC Project AMF up to version 2.1.1 occurs in the NGAP Message Handler when processing malformed mobile identity payloads, allowing authenticated remote attackers to cause denial of service through buffer overflow. Publicly available exploit code exists; vendor released patched version 2.2.0 via GitHub PR #666. CVSS 4.3 (low severity) reflects authentication requirement (PR:L) and availability-only impact, but real-world exploitation risk depends on deployment context.
Improper error handling in free5GC AMF prior to version 1.4.3 allows remote attackers to invoke the HTTPUEContextTransfer handler with uninitialized request objects by sending requests with unsupported Content-Type headers. The missing default case in the Content-Type switch statement silently skips deserialization without raising an error, resulting in integrity loss when malformed or crafted payloads reach the processor with null/uninitialized state. CVSS score of 5.5 reflects low integrity impact; publicly available exploit code exists (E:P).
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]
Memory corruption in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows authenticated remote attackers to corrupt memory by sending malformed NGReset messages to the 5G core network component. The vulnerability stems from insufficient validation of PLMN ID strings in SUCI (Subscription Concealed Identifier) processing within the NGReset message handler. Public exploit code exists (GitHub issue #678), and vendor patch is available (PR #666 upgrading to version 2.2.0). EPSS data not available but exploit code publication increases real-world exploitation likelihood for targeted attacks against 5G core infrastructure.
Memory corruption in the omec-project AMF (Access and Mobility Management Function) NGSetupRequest Handler allows network-adjacent authenticated attackers to corrupt process memory via crafted NGAP messages or malformed SUCI values, affecting confidentiality, integrity, and availability. The vulnerability stems from missing nil-pointer guards in the NGAP dispatcher and absent input validation when parsing Subscription Concealed Identifiers (SUCI) during UE registration and identity response flows. Exploit code has been publicly disclosed (GitHub issue #679), and no public exploit identified at time of analysis confirms active KEV exploitation, though the CVSS temporal vector E:P confirms proof-of-concept availability.
Memory corruption in omec-project AMF versions up to 2.1.1 exposes 5G core network infrastructure to remote exploitation via crafted NGAP PDUSessionResourceModifyIndication messages, allowing low-privileged attackers to achieve partial confidentiality, integrity, and availability impact on the Access and Mobility Management Function. A publicly available exploit exists (confirmed by CVSS E:P and GitHub issue #681), and an official vendor patch has been released in version 2.2.0 via PR #666. No CISA KEV listing was identified at time of analysis, so active widespread exploitation is not confirmed.
Memory corruption in omec-project AMF (Access and Mobility Management Function) through version 2.1.1 allows authenticated remote attackers to corrupt memory by sending crafted NGAP or NAS messages targeting the PathSwitchRequest handler and related message processing paths. The CVSS vector (AV:N/AC:L/PR:L/UI:N/C:L/I:L/A:L) indicates low-complexity network exploitation requiring only low-privilege credentials, with partial impacts across confidentiality, integrity, and availability. Publicly available exploit code exists (confirmed by GitHub issue #680 and the E:P temporal modifier); no active exploitation is confirmed in CISA KEV.
Null pointer dereference in OMEC Project AMF (Access and Mobility Management Function) versions up to 2.1.3-dev allows authenticated remote attackers to trigger denial of service via crafted NGAP UERadioCapabilityCheckResponse messages. The vulnerability exists in ngap/dispatcher.go where insufficient null pointer validation permits exploitation through the 5G network interface. Public exploit code exists (GitHub issue #675), and vendor-released patch v2.2.0 is available via PR #666, which also addresses multiple related security issues in NGAP message handling and mobile identity parsing.
Remote denial of service in omec-project AMF versions up to 2.1.3-dev allows authenticated attackers to crash the Access and Mobility Management Function via crafted NGAP messages that trigger null pointer dereference in ngap/handler.go. Public exploit code exists (GitHub issue #674). Affects OMEC 5G core network deployments. Patched in version 2.2.0 via PR #666, which addresses multiple security issues including malformed SUCI handling and missing null checks across NGAP message parsing.
Null pointer dereference in OMEC Project AMF versions up to 2.1.3-dev allows remote authenticated attackers to trigger denial of service via crafted NGAP messages to the RANConfiguration function. The vulnerability (CVE-2026-8781) affects the Access and Mobility Management Function component of the Open Mobile Evolved Core, a critical element in 5G networks. Publicly available exploit code exists (GitHub issue #673), but CVSS 2.1 (Low) reflects limited availability impact and low-privilege authentication requirement. Vendor-released patch: version 2.2.0 (GitHub PR #666).
Memory corruption in omec-project AMF versions up to 2.1.3-dev allows authenticated remote attackers to trigger low-severity availability impact via malformed NGAP messages. The vulnerability resides in ngap/dispatcher.go where insufficient null-pointer validation and input sanitization in the NGAP message handler permits memory corruption. Public exploit code exists (GitHub issue #670) with vendor-released fix in version 2.2.0. Despite CVSS 2.1 base score, exploitation probability is low (CVSS:4.0 E:P indicates POC exists) and impact limited to partial availability degradation - authentication required (PR:L) and no confidentiality or integrity impact (VC:N/VI:N).
Memory corruption in OMEC Project's Access and Mobility Management Function (AMF) allows authenticated remote attackers to crash the 5G core network component by sending crafted NGAP NG Setup Request messages with malformed InformationElement fields. Affects OMEC AMF versions up to 2.1.3-dev. Publicly available exploit code exists (GitHub issue #671), and vendor patch released in version 2.2.0. CVSS 4.3 (Low severity) reflects low availability impact, requiring authentication (PR:L), but real-world risk is moderate for 5G network operators given public POC and critical infrastructure role of AMF in mobile core networks.
Memory corruption in OMEC Project AMF up to version 2.1.1 occurs in the NGAP Message Handler when processing malformed mobile identity payloads, allowing authenticated remote attackers to cause denial of service through buffer overflow. Publicly available exploit code exists; vendor released patched version 2.2.0 via GitHub PR #666. CVSS 4.3 (low severity) reflects authentication requirement (PR:L) and availability-only impact, but real-world exploitation risk depends on deployment context.
Improper error handling in free5GC AMF prior to version 1.4.3 allows remote attackers to invoke the HTTPUEContextTransfer handler with uninitialized request objects by sending requests with unsupported Content-Type headers. The missing default case in the Content-Type switch statement silently skips deserialization without raising an error, resulting in integrity loss when malformed or crafted payloads reach the processor with null/uninitialized state. CVSS score of 5.5 reflects low integrity impact; publicly available exploit code exists (E:P).
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]