CVE-2026-32319
Denial of Service via Malformed NAS Messages in Ella Core
Publication date: 2026-03-13
Last updated on: 2026-03-19
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ellanetworks | ella_core | to 1.5.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32319 is a high-severity vulnerability in the Ella Core 5G core software prior to version 1.5.1. The vulnerability occurs when the software processes a malformed integrity-protected NGAP/NAS message that is shorter than 7 bytes. This causes an out-of-bounds read, leading the system to panic and crash.
An attacker can exploit this by sending specially crafted NAS messages without needing any authentication or user interaction, triggering the crash.
How can this vulnerability impact me? :
This vulnerability can cause a denial-of-service (DoS) condition by crashing the Ella Core process. When exploited, it disrupts service for all connected subscribers, severely impacting availability.
Since no authentication is required to exploit this, an attacker can easily cause service disruption remotely.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability occurs when Ella Core processes malformed integrity-protected NGAP/NAS messages shorter than 7 bytes, causing the process to panic and crash.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts on your network or system, monitor for unusual crashes or panics in the Ella Core process logs that coincide with receipt of NGAP/NAS messages.'}, {'type': 'paragraph', 'content': 'Specifically, you can capture and analyze network traffic for NGAP/NAS messages with lengths under 7 bytes, which are malformed and trigger the vulnerability.'}, {'type': 'list_item', 'content': 'Use packet capture tools like tcpdump or Wireshark to filter NGAP/NAS messages and check their length.'}, {'type': 'list_item', 'content': 'Example tcpdump command to capture NGAP/NAS messages (assuming standard ports):'}, {'type': 'list_item', 'content': "tcpdump -i <interface> -w capture.pcap 'udp port <NGAP/NAS port>'"}, {'type': 'list_item', 'content': 'Then analyze the capture with Wireshark to identify messages shorter than 7 bytes.'}, {'type': 'list_item', 'content': 'Additionally, monitor system logs for Ella Core process crashes or panics that may indicate exploitation attempts.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Ella Core to version 1.5.1 or later, where the vulnerability is fixed by adding length verification to NAS message handling.
Until the upgrade can be applied, consider implementing network-level filtering to block malformed NGAP/NAS messages shorter than 7 bytes from untrusted sources.
Also, monitor the Ella Core process for crashes and restart it promptly to minimize service disruption.