GHSA-55q8-2gwx-29pc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-55q8-2gwx-29pc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-55q8-2gwx-29pc/GHSA-55q8-2gwx-29pc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-55q8-2gwx-29pc
- Aliases
- Published
- 2026-03-26T22:15:54Z
- Modified
- 2026-04-02T21:26:08.014846084Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Ella Core Panics during NAS Authentication Response/Failure with missing IEs
- Details
-
Summary
Ella Core panics when processing Authentication Response and Authentication Failure NAS message missing IEs.
Impact
An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.
Fix
Added IE presence verification to NAS message handling.
- Database specific
{ "github_reviewed_at": "2026-03-26T22:15:54Z", "github_reviewed": true, "cwe_ids": [ "CWE-476" ], "nvd_published_at": "2026-03-27T21:17:27Z", "severity": "MODERATE" }- References
-
- https://github.com/ellanetworks/core/security/advisories/GHSA-55q8-2gwx-29pc
- https://nvd.nist.gov/vuln/detail/CVE-2026-33907
- https://github.com/ellanetworks/core/commit/52962660e3bd3e23c7e96b0da270ac1e0e705273
- https://github.com/ellanetworks/core
- https://github.com/ellanetworks/core/releases/tag/v1.7.0
Affected packages
Go / github.com/ellanetworks/core
Package
- Name
- github.com/ellanetworks/core
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/ellanetworks/core