Primary

Context

OMEC Project AMF Memory Corruption Vulnerability in NGSetupRequest Handler

Vulnerability

Patched

A memory corruption vulnerability has been identified in the OMEC Project AMF component, affecting versions through 2.1.1. The issue arises in the NGSetupRequest Handler, where improper handling of registration requests with invalid formats can lead to memory corruption. This vulnerability can be exploited remotely, causing the application to crash.

Impact

Exploitation of this vulnerability leads to a crash of the AMF application, causing a denial of service.

Reproduction

The vulnerability can be reproduced by sending an NGSetupRequest followed by a RegistrationRequest (InitialUEMessage) containing an invalid SUCI format. This sequence of packets will trigger the memory corruption issue, causing the application to crash.

Remediation

Users are advised to update to the latest version of OMEC Project AMF, as this vulnerability has been addressed in version 2.1.2.

Added: May 26, 2026, 1:41 PM

Updated: May 26, 2026, 1:41 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

8.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

8.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OMEC Project AMF Memory Corruption Vulnerability in NGSetupRequest Handler

Vulnerability

Impact

Reproduction

Remediation

Affected Products

omec-project amf

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating