7.5

CVE-2026-32319

EPSS 0.31%
Veröffentlicht 12.03.2026 21:33:32
Zuletzt bearbeitet 19.03.2026 13:45:33
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ellanetworks ≫ Ella Core Version < 1.5.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.22

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-32319

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32319

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32319

EUVD