Search criteria
7 vulnerabilities by omec-project
CVE-2026-8783 (GCVE-0-2026-8783)
Vulnerability from cvelistv5 – Published: 2026-05-18 02:15 – Updated: 2026-05-18 19:27
VLAI?
Title
omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference
Summary
A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues.
Severity ?
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364407 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364407/cti | signaturepermissions-required |
| https://vuldb.com/submit/811655 | third-party-advisory |
| https://github.com/omec-project/amf/issues/675 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8783",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T19:27:12.464881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T19:27:39.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/811655"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.2.0 will fix this issue. Upgrading the affected component is advised. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T02:15:11.485Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364407 | omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364407"
},
{
"name": "VDB-364407 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364407/cti"
},
{
"name": "Submit #811655 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811655"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/675"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf dispatcher.go UERadioCapabilityCheckResponse null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8783",
"datePublished": "2026-05-18T02:15:11.485Z",
"dateReserved": "2026-05-17T09:56:04.123Z",
"dateUpdated": "2026-05-18T19:27:39.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8782 (GCVE-0-2026-8782)
Vulnerability from cvelistv5 – Published: 2026-05-18 02:00 – Updated: 2026-05-18 20:16
VLAI?
Title
omec-project amf NGAP Message handler.go null pointer dereference
Summary
A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.
Severity ?
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364406 | vdb-entry |
| https://vuldb.com/vuln/364406/cti | signaturepermissions-required |
| https://vuldb.com/submit/811654 | third-party-advisory |
| https://github.com/omec-project/amf/issues/674 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8782",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T20:15:48.680586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T20:16:19.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGAP Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T02:00:17.310Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364406 | omec-project amf NGAP Message handler.go null pointer dereference",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/364406"
},
{
"name": "VDB-364406 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364406/cti"
},
{
"name": "Submit #811654 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811654"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/674"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGAP Message handler.go null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8782",
"datePublished": "2026-05-18T02:00:17.310Z",
"dateReserved": "2026-05-17T09:56:01.676Z",
"dateUpdated": "2026-05-18T20:16:19.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8781 (GCVE-0-2026-8781)
Vulnerability from cvelistv5 – Published: 2026-05-18 01:45 – Updated: 2026-05-18 10:02
VLAI?
Title
omec-project amf handler.go RANConfiguration null pointer dereference
Summary
A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues.
Severity ?
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364405 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364405/cti | signaturepermissions-required |
| https://vuldb.com/submit/811653 | third-party-advisory |
| https://github.com/omec-project/amf/issues/673 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8781",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T10:02:37.506803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T10:02:58.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 2.2.0 is sufficient to resolve this issue. Upgrading the affected component is recommended. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T01:45:11.285Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364405 | omec-project amf handler.go RANConfiguration null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364405"
},
{
"name": "VDB-364405 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364405/cti"
},
{
"name": "Submit #811653 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811653"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/673"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf handler.go RANConfiguration null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8781",
"datePublished": "2026-05-18T01:45:11.285Z",
"dateReserved": "2026-05-17T09:55:58.968Z",
"dateUpdated": "2026-05-18T10:02:58.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8780 (GCVE-0-2026-8780)
Vulnerability from cvelistv5 – Published: 2026-05-18 01:30 – Updated: 2026-05-18 14:29
VLAI?
Title
omec-project amf NGAP Message dispatcher.go memory corruption
Summary
A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364404 | vdb-entry |
| https://vuldb.com/vuln/364404/cti | signaturepermissions-required |
| https://vuldb.com/submit/811617 | third-party-advisory |
| https://github.com/omec-project/amf/issues/670 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T14:29:03.964979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:29:15.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"modules": [
"NGAP Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might be used. Upgrading to version 2.2.0 is sufficient to fix this issue. It is suggested to upgrade the affected component. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T01:30:14.757Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364404 | omec-project amf NGAP Message dispatcher.go memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/364404"
},
{
"name": "VDB-364404 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364404/cti"
},
{
"name": "Submit #811617 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811617"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/670"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGAP Message dispatcher.go memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8780",
"datePublished": "2026-05-18T01:30:14.757Z",
"dateReserved": "2026-05-17T09:55:56.216Z",
"dateUpdated": "2026-05-18T14:29:15.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8779 (GCVE-0-2026-8779)
Vulnerability from cvelistv5 – Published: 2026-05-18 01:15 – Updated: 2026-05-18 17:51
VLAI?
Title
omec-project amf handler.go NGSetupRequest memory corruption
Summary
A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/364403 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/364403/cti | signaturepermissions-required |
| https://vuldb.com/submit/811616 | third-party-advisory |
| https://github.com/omec-project/amf/issues/671 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://github.com/omec-project/amf/releases/tag/v2.2.0 | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.3-dev
Unaffected: 2.2.0 cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8779",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T14:31:09.511000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T17:51:33.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:omec-project:amf:*:*:*:*:*:*:*:*"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T01:15:12.132Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-364403 | omec-project amf handler.go NGSetupRequest memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/364403"
},
{
"name": "VDB-364403 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/364403/cti"
},
{
"name": "Submit #811616 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811616"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/671"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-17T12:01:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf handler.go NGSetupRequest memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8779",
"datePublished": "2026-05-18T01:15:12.132Z",
"dateReserved": "2026-05-17T09:55:52.168Z",
"dateUpdated": "2026-05-18T17:51:33.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8349 (GCVE-0-2026-8349)
Vulnerability from cvelistv5 – Published: 2026-05-11 23:30 – Updated: 2026-05-12 16:46
VLAI?
Title
omec-project amf NGAP Message memory corruption
Summary
A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/362663 | vdb-entry |
| https://vuldb.com/vuln/362663/cti | signaturepermissions-required |
| https://vuldb.com/submit/811475 | third-party-advisory |
| https://github.com/omec-project/amf/issues/672 | exploitissue-tracking |
| https://github.com/omec-project/amf/pull/666 | issue-trackingpatch |
| https://hub.docker.com/layers/omecproject/5gc-amf… | patch |
| https://github.com/omec-project/amf/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | amf |
Affected:
2.1.0
Affected: 2.1.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8349",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T16:46:28.224314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T16:46:42.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"NGAP Message Handler"
],
"product": "amf",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa. It is best practice to apply a patch to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T23:30:13.596Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-362663 | omec-project amf NGAP Message memory corruption",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/362663"
},
{
"name": "VDB-362663 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/362663/cti"
},
{
"name": "Submit #811475 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811475"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/amf/issues/672"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/omec-project/amf/pull/666"
},
{
"tags": [
"patch"
],
"url": "https://hub.docker.com/layers/omecproject/5gc-amf/rel-2.2.1/images/sha256-8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa"
},
{
"tags": [
"product"
],
"url": "https://github.com/omec-project/amf/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-11T18:33:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project amf NGAP Message memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8349",
"datePublished": "2026-05-11T23:30:13.596Z",
"dateReserved": "2026-05-11T16:28:46.399Z",
"dateUpdated": "2026-05-12T16:46:42.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15156 (GCVE-0-2025-15156)
Vulnerability from cvelistv5 – Published: 2025-12-28 22:02 – Updated: 2025-12-29 16:08
VLAI?
Title
omec-project UPF PFCP Session Establishment Request messages_session.go handleSessionEstablishmentRequest null pointer dereference
Summary
A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity ?
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.338534 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.338534 | signaturepermissions-required |
| https://vuldb.com/?submit.719824 | third-party-advisory |
| https://github.com/omec-project/upf/issues/979 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| omec-project | UPF |
Affected:
2.1.3-dev
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15156",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T16:07:51.918366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T16:08:01.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"PFCP Session Establishment Request Handler"
],
"product": "UPF",
"vendor": "omec-project",
"versions": [
{
"status": "affected",
"version": "2.1.3-dev"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZiyuLin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-28T22:02:06.001Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338534 | omec-project UPF PFCP Session Establishment Request messages_session.go handleSessionEstablishmentRequest null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338534"
},
{
"name": "VDB-338534 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338534"
},
{
"name": "Submit #719824 | Aether SD-Core UPF v2.1.3-dev NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.719824"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/omec-project/upf/issues/979"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-27T18:03:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "omec-project UPF PFCP Session Establishment Request messages_session.go handleSessionEstablishmentRequest null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15156",
"datePublished": "2025-12-28T22:02:06.001Z",
"dateReserved": "2025-12-27T16:58:02.810Z",
"dateUpdated": "2025-12-29T16:08:01.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}