GO-2026-4875 Ella Core panics when processing a crafted NGAP LocationReport message in github.com/ellanetworks/core

Ella Core panics when processing a crafted NGAP LocationReport message in github.com/ellanetworks/core...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the NGAP LocationReport message handler. An attacker can cause the process to crash and disrupt service for all connected subscribers by sending specially crafted NGAP messages. Remediation Upgrade...

CVE-2026-33903

Ella Core (private 5G core) is affected by CVE-2026-33903. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message, allowing an attacker to crash the process and cause service disruption for all connected subscribers. The fix is included in version 1.7.0, whi...

CVE-2026-33282

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with ue-presence-in-area-of-interest event type and omitting the optional UEPresenceInAreaOfInterestList IE. An attacker able to send crafted NGAP messages t...