← back
CVE-2026-9299

omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption

CVSS 5.3 MEDIUMEPSS 0.2%CWE-119
A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and may be used. Applying a patch is the recommended action to fix this issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
omec-project · amf
public PoCs found1
cve_referencegithub.com/omec-project/amf/issues/681unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/omec-project/amf/https://github.com/omec-project/amf/issues/681https://github.com/omec-project/amf/pull/666https://vuldb.com/submit/811829https://vuldb.com/vuln/365246https://vuldb.com/vuln/365246/cti