OMEC Project AMF Memory Corruption Vulnerability in NGReset Message Handler

A memory corruption vulnerability has been identified in the OMEC Project AMF component, affecting versions through 2.1.1. The issue arises in the NGReset Message Handler, where improper handling of NGReset messages can lead to memory corruption. This vulnerability can be exploited remotely, and the public availability of the exploit increases the urgency for users to apply the recommended patch.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the AMF component. This was observed in version 2.0.2, where the application failed to properly handle malformed NGReset messages, resulting in a memory access violation.

Reproduction

The vulnerability can be reproduced by sending a malformed NGReset message to the AMF component. This can be done by using a network tool or script that allows the sending of custom NGAP messages. The malformed message should be crafted to exploit the improper handling in the NGReset Message Handler, causing a memory corruption that leads to a crash.

Remediation

Users are advised to update to the latest version of the OMEC Project AMF, where this vulnerability has been addressed.