Skip to main content

Suse CVE-2026-33283

MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-19 https://github.com/ellanetworks/core GHSA-3366-gw57-fcm5
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 19, 2026 - 18:00 vuln.today
CVE Published
Mar 19, 2026 - 17:47 nvd
MEDIUM 6.5

DescriptionGitHub Advisory

Summary

Ella Core panics when processing malformed UL NAS Transport NAS messages without a Request Type.

Impact

An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.

Fix

Add a guard when receiving an UL NAS Message without a Request Type given no SM Context.

AnalysisAI

Ella Core contains a null pointer dereference vulnerability (CWE-476) that causes the process to panic when processing malformed UL NAS Transport NAS messages that lack a Request Type field, particularly when no SM Context is present. An attacker with network access and minimal privileges can send crafted NAS messages to trigger this crash, resulting in complete denial of service for all connected subscribers without requiring authentication. The CVSS 6.5 score reflects the high availability impact, though the requirement for low privileges (PR:L) and network-only access (AV:N) constrains the overall severity.

Technical ContextAI

This vulnerability affects Ella Core (pkg:go/github.com_ellanetworks_core), a 5G/LTE network core component implemented in Go. The affected code processes UL (Uplink) NAS (Non-Access Stratum) Transport messages, which are part of the 3GPP mobile network protocol stack used for signaling between user equipment and the network core. The root cause is a null pointer dereference (CWE-476) in the message handling logic when the Request Type field is absent and no Session Management (SM) Context exists. The code fails to validate the presence of the Request Type field before dereferencing it, causing an unhandled panic that crashes the entire process. This is a classic memory safety issue in Go where a missing guard clause allows a nil pointer to be accessed.

RemediationAI

Apply the patch provided in the GitHub security advisory GHSA-3366-gw57-fcm5 by upgrading Ella Core to the fixed version available at https://github.com/ellanetworks/core/security/advisories/GHSA-3366-gw57-fcm5. The fix adds a guard clause to validate the presence of a Request Type when processing UL NAS messages without an SM Context, preventing the null pointer dereference. Until patching is possible, network segmentation and access controls should restrict NAS message transmission to trusted sources, and monitoring should be implemented to detect malformed NAS messages. Consider deploying a message validation proxy or firewall rule that drops NAS packets lacking required fields before they reach Ella Core.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-33283 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy