OMEC Project AMF Memory Corruption Vulnerability in NGAP Message Handler
Vulnerability
A memory corruption vulnerability has been identified in the OMEC Project AMF component, affecting versions through 2.1.1. The issue lies in the NGAP Message Handler, where improper handling of certain messages can lead to memory corruption. The vulnerability can be exploited remotely and causes the AMF process to crash. It has been acknowledged and fixed in the latest release, version 2.2.1.
Impact
Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the AMF process.
Reproduction
The vulnerability can be reproduced by sending a malformed NGAP LocationReport message to the AMF instance. The message includes specific byte sequences that trigger the nil pointer dereference, which crashes the application.
Remediation
Users are advised to update to OMEC Project AMF version 2.2.1, where this vulnerability has been fixed.
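For teams reviewing their own NGAP handlers for the same bug class, the following added Go example (not the OMEC AMF code or its fix) contrasts a handler that dereferences optional decoded fields with one that validates them, behind a per-message recover boundary. The types, field names and functions are hypothetical stand-ins, and the sample PDU is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical decoded-PDU types, not the OMEC AMF or its NGAP library.
// A decoder leaves a pointer nil when the IE is absent on the wire.
type UserLocation struct{ TAC []byte }
type LocationReport struct {
	AMFUENGAPID, RANUENGAPID *int64
	UserLocation             *UserLocation
}
type PDU struct{ LocationReport *LocationReport }

var ErrMalformed = errors.New("ngap: malformed LocationReport")

// unsafeTAC shows the bug class: it trusts every IE to be present.
func unsafeTAC(p *PDU) ([]byte, error) { return p.LocationReport.UserLocation.TAC, nil }

// safeTAC checks each pointer on the path before dereferencing it.
func safeTAC(p *PDU) ([]byte, error) {
	if p == nil || p.LocationReport == nil {
		return nil, fmt.Errorf("%w: empty PDU", ErrMalformed)
	}
	r := p.LocationReport
	if r.AMFUENGAPID == nil || r.RANUENGAPID == nil || r.UserLocation == nil {
		return nil, fmt.Errorf("%w: mandatory IE missing", ErrMalformed)
	}
	return r.UserLocation.TAC, nil
}

// Dispatch is a per-message recover boundary: a panic in one handler
// becomes an error for that message instead of ending the process.
func Dispatch(p *PDU, h func(*PDU) ([]byte, error)) (tac []byte, err error) {
	defer func() {
		if rec := recover(); rec != nil {
			err = fmt.Errorf("%w: handler panic: %v", ErrMalformed, rec)
		}
	}()
	return h(p)
}

func main() {
	bad := &PDU{LocationReport: &LocationReport{}} // constructed: all IEs absent
	_, err := Dispatch(bad, unsafeTAC)
	fmt.Println("unsafe handler behind boundary:", err)
	_, err = Dispatch(bad, safeTAC)
	fmt.Println("validated handler:", err)
}
```

The recover boundary only contains the crash; the explicit checks in `safeTAC` are what let the handler reject the message with a specific, loggable reason.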
