A vulnerability was determined in omec-project amf up to 2.1.3-dev
A memory corruption vulnerability exists in the omec-project amf, allowing remote attackers to corrupt memory by manipulating the InformationElement argument in the NGSetupRequest function. This can cause the program to crash or execute arbitrary code. The vulnerability can be exploited by sending a crafted request to the affected component.
A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues.
Users of the omec-project amf up to version 2.1.3-dev are at risk of remote memory corruption attacks, which can lead to denial-of-service or potentially more severe consequences.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
0
Affected Products
7
References
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability
Impact