Is Null Pointer Dereference affected by CVE-2026-33283?

CVE-2026-33283 presents notable security risk, a null pointer dereference vulnerability rated CVSS 6.5. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2026-33283

MEDIUM

2026-03-19 https://github.com/ellanetworks/core

GHSA-3366-gw57-fcm5

6.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 19, 2026 - 18:00 vuln.today

CVE Published

Mar 19, 2026 - 17:47 nvd

MEDIUM 6.5

Description

## Summary Ella Core panics when processing malformed UL NAS Transport NAS messages without a Request Type. ## Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. ## Fix Add a guard when receiving an UL NAS Message without a Request Type given no SM Context.

Analysis

Ella Core contains a null pointer dereference vulnerability (CWE-476) that causes the process to panic when processing malformed UL NAS Transport NAS messages that lack a Request Type field, particularly when no SM Context is present. An attacker with network access and minimal privileges can send crafted NAS messages to trigger this crash, resulting in complete denial of service for all connected subscribers without requiring authentication. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +32

POC: 0

CVE-2026-33283 vulnerability details – vuln.today

Back

CVE-2026-33283

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-33283

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code