Description
A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practice to apply a patch to resolve this issue.
Published: 2026-05-23
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in an unknown part of the NGSetupRequest handler in omec-project amf. When an attacker supplies carefully crafted input, a buffer overflow occurs that corrupts memory. This flaw can lead to arbitrary reads or writes, allowing an attacker to compromise confidentiality and integrity of the target system. The description explicitly states that the attack can be performed remotely and the exploit has been publicly disclosed.

Affected Systems

All installations of omec-project amf up to and including version 2.1.1 are affected. The flaw is present in an unspecified component of the NGSetupRequest module. No other product versions or vendors are listed as impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate risk, and the EPSS score is not available, meaning no data is currently available on exploit frequency. The vulnerability is not listed in CISA KEV, but the exploit has been disclosed to the public, implying potential for active exploitation. The likely attack vector is remote, as the description confirms a remote execution path. Exploitation requires sending malformed NGSetupRequest packets to the vulnerable service, which can be done over the network without local privileges.

Generated by OpenCVE AI on May 23, 2026 at 13:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch for omec-project amf that fixes the NGSetupRequest memory corruption.
  • Upgrade to a release version that contains the fix, such as 2.1.2 or later, if available.
  • Enable logging and monitoring to detect anomalous memory corruption or crashes associated with NGSetupRequest processing.

Generated by OpenCVE AI on May 23, 2026 at 13:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practice to apply a patch to resolve this issue.
Title omec-project amf NGSetupRequest memory corruption
First Time appeared Omec-project
Omec-project amf
Weaknesses CWE-119
CPEs cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*
Vendors & Products Omec-project
Omec-project amf
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Omec-project Amf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-23T11:45:12.057Z

Reserved: 2026-05-22T17:45:01.607Z

Link: CVE-2026-9300

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T13:30:18Z

Weaknesses