Description
A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and may be used. Applying a patch is the recommended action to fix this issue.
Published: 2026-05-23
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory corruption flaw exists in omec-project AMF, affecting the PDUSessionResourceModifyIndication handler for all versions up to 2.1.1. The vulnerability allows an attacker to supply crafted input that triggers a buffer overflow, corrupting memory on the server. While the description confirms that remote exploitation is possible, it does not explicitly state that arbitrary code execution is guaranteed; however, memory corruption could lead to unexpected behavior or loss of integrity.

Affected Systems

The affected product is omec-project AMF. Any deployment running version 2.1.1 or earlier is vulnerable; upgrades beyond 2.1.1 are presumed to contain a fix.

Risk and Exploitability

The CVSS score of 5.3 classifies the issue as moderate severity. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, yet an exploit has been published and could be leveraged in real attacks. The likely attack vector is remote, involving network traffic that triggers the PDUSessionResourceModifyIndication interface; therefore, systems exposed to external networks are at risk.

Generated by OpenCVE AI on May 23, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update omec-project AMF to the latest patched release.
  • If an upgrade is not immediately possible, isolate the AMF service by restricting inbound traffic to trusted IP ranges or implementing firewall rules.
  • Enable detailed logging on the AMF server and monitor for signs of memory corruption, unexpected crashes, or anomalous process behavior.

Generated by OpenCVE AI on May 23, 2026 at 12:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 11:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and may be used. Applying a patch is the recommended action to fix this issue.
Title omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption
First Time appeared Omec-project
Omec-project amf
Weaknesses CWE-119
CPEs cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*
Vendors & Products Omec-project
Omec-project amf
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Omec-project Amf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-23T11:00:14.603Z

Reserved: 2026-05-22T17:44:58.828Z

Link: CVE-2026-9299

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T13:00:07Z

Weaknesses