Suse
CVE-2026-32319
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.
Impact
An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.
Fix
Added length verification to NAS message handling.
AnalysisAI
High severity vulnerability in Ella Networks Core. Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.
Technical ContextAI
Vulnerability Type: Out-of-bounds Read (CWE-125) CVSS 3.1: 7.5/10.0 — Attack Vector: Network | Complexity: Low | Privileges Required: None | User Interaction: None Attack Techniques: Information Disclosure, Buffer Overflow Source: https://github.com/ellanetworks/core
RemediationAI
Security advisories:
- https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
GHSA-m9pm-w3gv-c68f