Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Ella Core: Malformed Messages Can Crash the System
GHSA-j478-p7vq-3347
CVE-2026-32320
Summary
Ella Core software can crash if it receives a specific type of malformed message, which can cause service disruptions for connected subscribers. This can happen without any authentication being required. To fix this, the software developers have added a check to prevent this type of crash from occurring.
What to do
- Update github.com ellanetworks to version 1.5.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | ellanetworks | <= 1.5.1 | 1.5.1 |
Original title
Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
Original description
## Summary
Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.
## Impact
An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.
## Fix
Added length validation on NR algorithm bitstrings before accessing them in the PathSwitchRequest handler.
Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.
## Impact
An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.
## Fix
Added length validation on NR algorithm bitstrings before accessing them in the PathSwitchRequest handler.
ghsa CVSS3.1
6.5
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026