Skip to main content

Suse CVE-2026-32319

HIGH
Out-of-bounds Read (CWE-125)
2026-03-12 https://github.com/ellanetworks/core GHSA-m9pm-w3gv-c68f
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 13, 2026 - 08:35 vuln.today
CVE Published
Mar 12, 2026 - 20:33 nvd
HIGH 7.5

DescriptionGitHub Advisory

Summary

Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.

Impact

An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.

Fix

Added length verification to NAS message handling.

AnalysisAI

High severity vulnerability in Ella Networks Core. Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.

Technical ContextAI

Vulnerability Type: Out-of-bounds Read (CWE-125) CVSS 3.1: 7.5/10.0 — Attack Vector: Network | Complexity: Low | Privileges Required: None | User Interaction: None Attack Techniques: Information Disclosure, Buffer Overflow Source: https://github.com/ellanetworks/core

RemediationAI

Security advisories:

  • https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-32319 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy