CVE-2026-8782
MEDIUM4.3EPSS 0.05%AMF Vulnerable to Improper Resource Shutdown or Release
發布日:2026/5/18修改日:2026/5/28
描述
A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.2.0 mitigates this issue. It is recommended to upgrade the affected component. The same pull request fixes multiple security issues.
受影響套件(1)
- Go/github.com/omec-project/amffrom 0, < 2.2.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P |
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-8782
- PATCHhttps://github.com/omec-project/amf
- WEBhttps://github.com/omec-project/amf/issues/674
- WEBhttps://github.com/omec-project/amf/pull/666
- WEBhttps://github.com/omec-project/amf/releases/tag/v2.2.0
- WEBhttps://vuldb.com/submit/811654
- WEBhttps://vuldb.com/vuln/364406
- WEBhttps://vuldb.com/vuln/364406/cti