Suse
CVE-2026-33281
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
Ella Core panics when processing NGAP messages with invalid PDU Session IDs outside of 1-15.
Impact
An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.
Fix
Added PDU Session ID validations during NGAP message handling.
AnalysisAI
Ella Core contains an input validation flaw that causes the process to panic when receiving NGAP messages with PDU Session IDs outside the valid range of 1-15, enabling unauthenticated attackers to trigger denial of service affecting all connected subscribers. The vulnerability (CWE-129: Improper Validation of Array Index) carries a CVSS score of 6.5 with network-level attack vector and low complexity, though it requires low privilege context according to the vector string. No active exploitation in the wild has been confirmed, but the straightforward nature of crafting malformed NGAP messages means proof-of-concept development is feasible.
Technical ContextAI
Ella Core is a Go-based 5G network core implementation (pkg:go/github.com_ellanetworks_core) that processes NGAP (NG Application Protocol) messages according to 3GPP specifications. The vulnerability stems from insufficient bounds checking on PDU Session ID parameters during NGAP message parsing. CWE-129 (Improper Validation of Array Index) specifically describes cases where user-supplied input is used as an array index without proper validation, allowing out-of-bounds access or exception generation. In this context, PDU Session IDs are defined by 3GPP standards to be integers in the range 1-15, yet the Ella Core implementation failed to validate this constraint before processing or acting upon these values, resulting in an unhandled panic condition in the Go runtime.
RemediationAI
Upgrade Ella Core to the patched version released in response to GHSA-q669-4gmv-g8mf—consult the GitHub security advisory at https://github.com/ellanetworks/core/security/advisories/GHSA-q669-4gmv-g8mf for the specific version number and deployment instructions. The fix involves adding proper PDU Session ID validation (range 1-15) during NGAP message handling before any processing occurs. As an interim compensating control, restrict network access to NGAP message sources to trusted 5G peer entities and implement rate-limiting on malformed NGAP messages at the network perimeter. Monitor Ella Core process logs for panic events and establish alerting on unexpected process restarts, which may indicate exploitation attempts.
Same weakness CWE-129 – Improper Validation of Array Index
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-q669-4gmv-g8mf