2.1 LOW
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): Low (L)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Exploit Maturity (E): POC (P)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): Low (L)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
Activity log
- Created suggestion
omec-project amf NGAP Message RRCInactiveTransitionReport denial of service
A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called 34bc6724acc97dba1f8691e586da95b042cb612d. A patch should be applied to remediate this issue.
References
-
VDB-376139 | omec-project amf NGAP Message RRCInactiveTransitionReport denial of service technical-descriptionvdb-entry
-
-
CVE-2026-14623 | CVE Analysis and Report third-party-advisory
-
Submit #845348 | Linux Foundation Projects SD-Core 2.1.1 Memory Corruption third-party-advisory
-
-
Affected products
- ==2.1.1
- ==2.1.0
Matching in nixpkgs
pkgs.amf
AMD's closed source Advanced Media Framework (AMF) driver
-
nixos-unstable 1.4.34-1787253
- nixpkgs-unstable 1.4.34-1787253
- nixos-unstable-small 1.4.34-1787253
-
nixos-26.05 1.4.34-1787253
- nixos-26.05-small 1.4.34-1787253
- nixpkgs-26.05-darwin 1.4.34-1787253
pkgs.bamf
Application matching framework
pkgs.amfora
Fancy terminal browser for the Gemini protocol
pkgs.ramfetch
Tool which displays memory information
pkgs.cramfsswap
Swap endianess of a cram filesystem (cramfs)
pkgs.samfirm-js
Program for downloading Samsung firmware
-
nixos-unstable 0.3.0-unstable-2023-12-27
- nixpkgs-unstable 0.3.0-unstable-2023-12-27
- nixos-unstable-small 0.3.0-unstable-2023-12-27
-
nixos-26.05 0.3.0-unstable-2023-12-27
- nixos-26.05-small 0.3.0-unstable-2023-12-27
- nixpkgs-26.05-darwin 0.3.0-unstable-2023-12-27
pkgs.amf-headers
Headers for The Advanced Media Framework (AMF)
pkgs.cramfsprogs
Tools to create, check, and extract content of CramFs images
-
nixos-unstable 2.1-unstable-2025-01-27
- nixpkgs-unstable 2.1-unstable-2025-01-27
- nixos-unstable-small 2.1-unstable-2025-01-27
-
nixos-26.05 2.1-unstable-2025-01-27
- nixos-26.05-small 2.1-unstable-2025-01-27
- nixpkgs-26.05-darwin 2.1-unstable-2025-01-27
pkgs.ArchiSteamFarm
Application with primary purpose of idling Steam cards from multiple accounts simultaneously
pkgs.archisteamfarm
Application with primary purpose of idling Steam cards from multiple accounts simultaneously
pkgs.python313Packages.py3amf
Action Message Format (AMF) support for Python 3
pkgs.python314Packages.py3amf
Action Message Format (AMF) support for Python 3
pkgs.python313Packages.dissect-cramfs
Dissect module implementing a parser for the CRAMFS file system
Package maintainers
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
-
@devusb Morgan Helton <mhelton@devusb.us>
-
@deifactor Ash Zahlen <ext0l@riseup.net>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@davidak David Kleuker <post@davidak.de>
-
@Pamplemousse Xavier Maso <xav.maso@gmail.com>
-
@blitz Julian Stecklina <js@alien8.de>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@zhaofengli Zhaofeng Li <hello@zhaofeng.li>
-
@markbeep Mark <mrkswrn@gmail.com>
-
@ungeskriptet David Wronek <nix@david-w.eu>