Description
A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue.
Published: 2026-05-11
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The AMF component of omec‑project contains a flaw in its NGAP Message Handler that allows malformed NGAP messages to cause memory corruption. This weakness is a classic buffer overflow described by CWE‑119 and can lead to unpredictable program state if exploited. The official description does not state whether the corruption can trigger arbitrary code execution, so the impact stops at memory corruption without a confirmed RCE outcome.

Affected Systems

All installations of omec‑project amf with versions up through 2.1.1 are known to be vulnerable; versions 2.2.0 and later contain the fix and are not affected.

Risk and Exploitability

The CVSS base score of 5.3 indicates a moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, although a publicly available exploit exists. Based on the description, it is inferred that the attack can be launched remotely by sending crafted NGAP messages over the network. The exploit does not require local privileges, so any networked attacker who can reach the AMF interface is a potential threat.

Generated by OpenCVE AI on May 12, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch referenced by commit 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa to amf.
  • Upgrade to amf version 2.2.1 or later which includes the fix.
  • Restrict NGAP traffic to trusted peers using a network firewall or ACLs to limit exposure.

Generated by OpenCVE AI on May 12, 2026 at 01:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Omec-project
Omec-project amf
Vendors & Products Omec-project
Omec-project amf

Mon, 11 May 2026 23:45:00 +0000

Type Values Removed Values Added
Description A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue.
Title omec-project amf NGAP Message memory corruption
Weaknesses CWE-119
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Omec-project Amf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-11T23:30:13.596Z

Reserved: 2026-05-11T16:28:46.399Z

Link: CVE-2026-8349

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T00:17:03.600

Modified: 2026-05-12T00:17:03.600

Link: CVE-2026-8349

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T09:22:13Z

Weaknesses