CVE-2026-8779

Source
https://cve.org/CVERecord?id=CVE-2026-8779
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8779.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8779
Aliases
Published
2026-05-18T01:15:12.132Z
Modified
2026-07-08T08:09:50.041308085Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
omec-project amf handler.go NGSetupRequest memory corruption
Details

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.1.3-dev"
                },
                {
                    "last_affected": "2.1.3-dev"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8779.json",
    "cwe_ids": [
        "CWE-119"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/omec-project/amf

Affected ranges

Type
GIT
Repo
https://github.com/omec-project/amf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v1.*
v1.0.0
v1.1.0
v1.1.1
v1.2.0
v1.3.0
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.7.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8779.json"