Volerion logoVolerion
Volerion logoVolerion

OMEC Project AMF Memory Corruption Vulnerability in PDUSessionResourceModifyIndication Function

Vulnerability

A memory corruption vulnerability has been identified in the OMEC Project AMF control plane function for 5G core networks, affecting versions through 2.1.1. The issue arises in the PDUSessionResourceModifyIndication function within the NGAP handler file. This vulnerability allows for remote exploitation, leading to a crash of the AMF component.

Impact

Exploitation of this vulnerability causes a segmentation fault, crashing the AMF process. The error log indicates a nil pointer dereference, which is a common cause of such crashes in Go applications.

Reproduction

The vulnerability can be reproduced by sending a PDUSessionResourceModifyIndication message over NGAP before the necessary NG Context has been established. This can be done using a network simulation tool or script that sends NGAP messages to the AMF component.

Remediation

Users are advised to update to the latest version of OMEC Project AMF, where this vulnerability has been addressed.

Added: May 26, 2026, 1:46 PM
Updated: May 26, 2026, 1:46 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
2.5
exploitability
8.7
remediation
0.0
relevance
9.2
threat
6.4
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.