GHSA-q669-4gmv-g8mf

Source

https://github.com/advisories/GHSA-q669-4gmv-g8mf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-q669-4gmv-g8mf/GHSA-q669-4gmv-g8mf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q669-4gmv-g8mf

Aliases

CVE-2026-33281

Published

2026-03-19T17:47:01Z

Modified

2026-03-19T18:02:25.902303Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Ella Core panics on invalid PDU Session IDs in NGAP messages

Details

Summary

Ella Core panics when processing NGAP messages with invalid PDU Session IDs outside of 1-15.

Impact

An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.

Fix

Added PDU Session ID validations during NGAP message handling.

Database specific

{
    "github_reviewed_at": "2026-03-19T17:47:01Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-129"
    ],
    "nvd_published_at": null,
    "severity": "MODERATE"
}

References

Affected packages

Go / github.com/ellanetworks/core

Package

Name: github.com/ellanetworks/core; View open source insights on deps.dev
Purl: pkg:golang/github.com/ellanetworks/core

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-q669-4gmv-g8mf/GHSA-q669-4gmv-g8mf.json"