Skip to main content

Suse CVE-2026-32320

MEDIUM
Out-of-bounds Read (CWE-125)
2026-03-12 https://github.com/ellanetworks/core GHSA-j478-p7vq-3347
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 13, 2026 - 08:35 vuln.today
CVE Published
Mar 12, 2026 - 20:33 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

Summary

Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.

Impact

An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.

Fix

Added length validation on NR algorithm bitstrings before accessing them in the PathSwitchRequest handler.

AnalysisAI

Medium severity vulnerability in Ella Networks Core. Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.

Technical ContextAI

Vulnerability Type: Out-of-bounds Read (CWE-125) CVSS 3.1: 6.5/10.0 — Attack Vector: Network | Complexity: Low | Privileges Required: Low | User Interaction: None Attack Techniques: Information Disclosure, Denial Of Service, Buffer Overflow Source: https://github.com/ellanetworks/core

RemediationAI

Security advisories:

  • https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2026-32320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy