MEDIUM 6.3
GHSA-6p7m-c3mw-4gmw
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Details
A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practice to apply a patch to resolve this issue.
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/omec-project/amf
Introduced in:
0 Fixed in: 1.7.1-0.20260421213846-34bc6724acc9 Fix
go get github.com/omec-project/amf@v1.7.1-0.20260421213846-34bc6724acc9 References
- https://nvd.nist.gov/vuln/detail/CVE-2026-9300 [ADVISORY]
- https://github.com/omec-project/amf/issues/679 [WEB]
- https://github.com/omec-project/amf/pull/666 [WEB]
- https://github.com/omec-project/amf/commit/34bc6724acc97dba1f8691e586da95b042cb612d [WEB]
- https://github.com/omec-project/amf [PACKAGE]
- https://vuldb.com/submit/811841 [WEB]
- https://vuldb.com/vuln/365247 [WEB]
- https://vuldb.com/vuln/365247/cti [WEB]