Executive Summary

CVE-2026-33903 is a vulnerability in Ella Core, a 5G core designed for private networks, affecting versions prior to 1.7.0. The issue occurs when the software processes a specially crafted NGAP (Next Generation Application Protocol) LocationReport message, which causes the application to panic and crash due to a NULL pointer dereference in the NGAP Location Report handler.

An attacker who can send crafted NGAP messages to the affected system can trigger this panic, leading to a denial of service by crashing the process that handles these messages.

The root cause is the software dereferencing pointers expected to be valid but actually NULL, especially when optional Information Elements (IEs) like AreaOfInterestList or LocationReportingReferenceIDToBeCancelled are missing in the Location Report message.

Version 1.7.0 fixes this vulnerability by adding explicit nil checks and guards in the NGAP Location Report handler to prevent such panics.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause the Ella Core process to crash when processing specially crafted NGAP LocationReport messages.

As a result, the service for all connected subscribers can be disrupted, leading to a denial of service (DoS) condition.

The impact is limited to availability, with no loss of confidentiality or integrity, but the disruption can affect network reliability and user connectivity.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability manifests as a panic or crash in the Ella Core process when it processes specially crafted NGAP LocationReport messages. Detection can focus on monitoring for unexpected process crashes or panic logs related to NGAP message handling.

Specifically, look for log warnings or errors indicating missing Information Elements (IEs) such as AreaOfInterestList or LocationReportingReferenceIDToBeCancelled in NGAP Location Report messages, as the patched version logs warnings when these are nil.

Commands to detect this might include:

• Checking system logs or Ella Core logs for panic or crash messages related to NGAP Location Report handling.
• Using tools like `journalctl -u ella-core.service` or `docker logs <ella-core-container>` to review recent logs for panic traces.
• Monitoring process uptime and automatic restarts indicating crashes.
• Capturing and analyzing NGAP traffic on the network interface with tools like `tcpdump` or `wireshark` to identify suspicious or malformed LocationReport messages.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade Ella Core to version 1.7.0 or later, where the vulnerability has been fixed by adding guards against nil pointer dereferences in the NGAP Location Report handler.

Until the upgrade can be applied, consider restricting or filtering NGAP messages from untrusted or potentially malicious sources to prevent crafted LocationReport messages from reaching the system.

Additionally, monitor the system for crashes or panics and implement automated restarts or alerts to minimize service disruption.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability causes a denial of service by crashing the Ella Core 5G core process when processing specially crafted NGAP LocationReport messages, leading to service disruption for all connected subscribers.

While the CVE description and resources detail the technical impact as availability loss (no confidentiality or integrity impact), there is no explicit information provided about how this affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0