PT-2026-42877

A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and m...

AMF Vulnerable to Improper Resource Shutdown or Release

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the function UERadioCapabilityCheckResponse in the file ngap/dispatcher.go, which leads to...

amf 缓冲区错误漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain a buffer error vulnerability. This vulnerability stems from unknown functions in the ngap/dispatcher.go file within the NGAP Message Handler component, which can lea...

amf 缓冲区错误漏洞

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability, which stems from issues with the NGAP Message Handler component. This vulnerability may lead to memory corruption...

CVE-2026-30079

In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...

EUVD-2026-19237

OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome...

CVE-2026-30078

OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome...

CVE-2026-30077

OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88...

OpenAirInterface 安全漏洞

OpenAirInterface is a mobile communication network software platform developed by the French company OpenAirInterface. Version OpenAirInterface V2.2.0 contains a security vulnerability; this vulnerability stems from failed decoding of messages, which may lead to an AMF crash...

CVE-2026-30077

OpenAirInterface V2.2.0 AMF is affected by a crash when handling certain message decode failures. The issue is not triggered by all decode failures, but is reproducible for specific inputs (example hex stream: 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88). Connected sources confirm the p...

CVE-2026-33904 Ella Core has a Denial of Service via SCTP connection cleanup deadlock

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

CVE-2026-33904

The CVE entry CVE-2026-33904 is reserved/placeholder with no publicly available technical details in the provided documents. No affected products, impact, or remediation are disclosed. Monitor for updates.

Ella Core 安全漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from deadlocks in the SCTP notification handler of AMF, which could all...

CVE-2025-69248 free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service

free5GC is an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NA...

CVE-2023-50020

An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF...

PT-2025-46186

Name of the Vulnerable Software and Affected Versions Open5GS version 2.7.6 Description The software may experience a denial of service when receiving an abnormal NGSetupRequest message, causing the AMF component to crash. Recommendations At the moment, there is no information about a newer versi...

EUVD-2025-24084

Malicious code in bioql PyPI...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to improper validation of the 5GS mobile identity by the AMF in the Registration Request. An attacker can cause a slice reference overflow by sending specially crafted input data. Remediation Upgrade...

CVE-2025-8803

A vulnerability has been found in Open5GS up to 2.7.5. Affected is the function gmmstatederegistered/gmmstateexception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 2.7.6 is able t...