Suse
CVE-2026-32320
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.
Impact
An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.
Fix
Added length validation on NR algorithm bitstrings before accessing them in the PathSwitchRequest handler.
AnalysisAI
Medium severity vulnerability in Ella Networks Core. Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.
Technical ContextAI
Vulnerability Type: Out-of-bounds Read (CWE-125) CVSS 3.1: 6.5/10.0 — Attack Vector: Network | Complexity: Low | Privileges Required: Low | User Interaction: None Attack Techniques: Information Disclosure, Denial Of Service, Buffer Overflow Source: https://github.com/ellanetworks/core
RemediationAI
Security advisories:
- https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
GHSA-j478-p7vq-3347