Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Ella Core can be crashed by a malicious message
GHSA-m9pm-w3gv-c68f
CVE-2026-32319
Summary
A hacker can send a specially crafted message to Ella Core, causing it to crash and temporarily stop working for all users. This can happen without needing a password or login. To fix this, a developer has added a check to prevent such malicious messages.
What to do
- Update github.com ellanetworks to version 1.5.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | ellanetworks | <= 1.5.1 | 1.5.1 |
Original title
Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload
Original description
## Summary
Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.
## Impact
An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.
## Fix
Added length verification to NAS message handling.
Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.
## Impact
An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.
## Fix
Added length verification to NAS message handling.
ghsa CVSS3.1
7.5
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026