CVE-2026-8779
Memory Corruption in omec-project amf via NGSetupRequest
Publication date: 2026-05-18
Last updated on: 2026-05-18
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| omec-project | amf | to 2.1.3-dev (inc) |
| omec-project | amf | 2.2.0 |
| omec-project | amf | 2.2.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-8779 is a vulnerability in the Access and Mobility Management Function (AMF) component of the omec-project, specifically affecting the NGSetupRequest function in the ngap/handler.go file. When the argument InformationElement is manipulated, it can cause memory corruption leading to a crash due to invalid memory access or a nil pointer dereference. This vulnerability can be exploited remotely by sending a malformed NGSetupRequest message with no valid information elements, causing the AMF to panic and crash.
The issue was reported in version 2.0.2 and fixed in version 2.2.1. The vulnerability results from improper handling of malformed NGAP messages, leading to segmentation faults during message processing.
How can this vulnerability impact me? :
Exploitation of this vulnerability can cause the AMF component to crash due to memory corruption, resulting in a denial of service (DoS) condition in the 5G core network. Since the AMF is a critical control plane function responsible for managing mobility, registration, and security contexts, its failure can disrupt network operations, impacting connectivity and service availability for users.
The attack can be launched remotely without user interaction, making it easier for attackers to cause service interruptions.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The CVE-2026-8779 vulnerability causes the Access and Mobility Management Function (AMF) to crash when it receives a malformed NGSetupRequest message with no valid information elements, leading to a segmentation fault (SIGSEGV). Detection can involve monitoring the AMF logs for panic messages indicating a nil pointer dereference in the HandleNGSetupRequest function within the NGAP handler module.
To detect exploitation attempts or the vulnerability on your system, you can monitor the AMF process for crashes or segmentation faults and inspect logs for error messages related to NGSetupRequest handling.
Specific commands might include:
- Checking system logs for AMF crashes: `journalctl -u amf.service -f` or `docker logs <amf_container>` if running in Docker.
- Using network packet capture tools like tcpdump or Wireshark to filter and analyze NGAP messages, specifically looking for malformed NGSetupRequest messages.
- Example tcpdump command to capture NGAP traffic (assuming NGAP uses SCTP port 38412): `tcpdump -i <interface> port 38412 -w ngap_capture.pcap`
- Analyzing captured packets with Wireshark to identify malformed NGSetupRequest messages.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation step is to upgrade the omec-project AMF component to version 2.2.1 or later, as this version contains the fix for the CVE-2026-8779 vulnerability.
If upgrading immediately is not possible, consider implementing network-level protections such as filtering or blocking malformed NGSetupRequest messages to prevent exploitation.
Additionally, monitor the AMF logs for crashes or panic messages to detect potential exploitation attempts and respond accordingly.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of CVE-2026-8779 on compliance with common standards and regulations such as GDPR or HIPAA.