MEDIUM 6.5 Go
Ella Core panics when processing a crafted NGAP LocationReport message
GHSA-f2f3-9cx3-wcmf · CVE-2026-33903 · GO-2026-4875
Published · Modified
Description
Summary
Ella Core panics when processing a specially crafted NGAP LocationReport message.
Impact
An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers.
Fix
Add guards in NGAP Location Report handler.
References
- WEB https://github.com/ellanetworks/core/security/advisories/GHSA-f2f3-9cx3-wcmf
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-33903
- WEB https://github.com/ellanetworks/core/commit/ec77a2ad4508f8488cb356fd45b2f1efd92587f8
- PACKAGE https://github.com/ellanetworks/core
- WEB https://github.com/ellanetworks/core/releases/tag/v1.7.0
Ready to move
Start Securing
Free, no credit card | First findings in minutes