Suse
CVE-2026-33282
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
Ella Core panics when processing a malformed NGAP LocationReport message with ue-presence-in-area-of-interest event type and omitting the optional UEPresenceInAreaOfInterestList IE.
Impact
An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.
Fix
Added IE presence verification to NGAP message handling.
AnalysisAI
Ella Core is vulnerable to a denial of service attack via a null pointer dereference when processing malformed NGAP LocationReport messages that omit the required UEPresenceInAreaOfInterestList field. An unauthenticated attacker with network access can crash the Ella Core process, disrupting service for all connected subscribers. No patch is currently available.
Technical ContextAI
Ella Core is a Go-based 5G core network implementation as indicated by the CPE pkg:go/github.com_ellanetworks_core. The vulnerability occurs in the NGAP (Next Generation Application Protocol) message handling, specifically when processing LocationReport messages used in 5G networks for tracking user equipment presence. The root cause is CWE-476 (NULL Pointer Dereference), where the code attempts to access the UEPresenceInAreaOfInterestList information element without first verifying its presence in the message, leading to a panic condition in the Go runtime when this optional field is omitted.
RemediationAI
Update Ella Core to the latest version that includes the fix adding IE (Information Element) presence verification to NGAP message handling. The patch ensures proper validation of the UEPresenceInAreaOfInterestList field before processing LocationReport messages. Until patching is possible, implement network-level controls to restrict NGAP message sources to trusted network elements only, and monitor for unexpected process crashes that could indicate exploitation attempts. Full remediation details are available in the GitHub security advisory at https://github.com/ellanetworks/core/security/advisories/GHSA-826q-wrq4-p23x.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-826q-wrq4-p23x