CVE Reports
Originally published at cvereports.com

CVE-2026-32319: Unauthenticated Denial of Service in Ella Core AMF via Malformed NAS Messages

Vulnerability ID: CVE-2026-32319
CVSS Score: 7.5
Published: 2026-03-12

CVE-2026-32319 is a high-severity unauthenticated Denial of Service (DoS) vulnerability in the Ella Core 5G network implementation. The Access and Mobility Management Function (AMF) fails to validate the length of integrity-protected Non-Access Stratum (NAS) messages before performing slice operations. This out-of-bounds read leads to a runtime panic, resulting in process termination and complete service disruption for all subscribers.

TL;DR

An out-of-bounds read in Ella Core's AMF allows unauthenticated attackers to crash the 5G core by sending undersized NAS messages over the N2 interface.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-125: Out-of-bounds Read
  • Attack Vector: Network (AV:N)
  • CVSS Score: 7.5 (High)
  • Impact: Denial of Service (Process Crash)
  • Exploit Status: Proof-of-Concept
  • Authentication Required: None

Affected Systems

  • Ella Core AMF
  • Ella Core UPF (Secondary affected component prior to 1.5.1)
  • Ella Core: < 1.5.1 (Fixed in: 1.5.1)

Code Analysis

Commit: 722e79f

Direct fix for undersized NAS payload bounds check

Commit: 1e404ee

Secondary fix for NGAP PathSwitchRequest panic
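
The bug class behind the undersized NAS payload fix, as an added Go example that is not Ella Core's code or the contents of either commit: slicing a security-protected NAS message before checking its length panics on short input, while a length check turns the same input into an ordinary error. The 7-byte header layout follows 3GPP TS 24.501; all type and function names here are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Security protected 5GS NAS message layout (3GPP TS 24.501, 9.1.1):
// octet 1 EPD, octet 2 security header type, octets 3-6 MAC,
// octet 7 sequence number, octet 8 onward the inner NAS message.
const secHeaderLen = 7

var ErrTruncated = errors.New("nas: security-protected message shorter than header")

type SecuredNAS struct {
	EPD, SecurityHeaderType, Sequence uint8
	MAC                               uint32
	Payload                           []byte
}

// parseUnchecked illustrates the bug class: it indexes and slices without
// checking len(b), so a short buffer causes a runtime panic (hypothetical code).
func parseUnchecked(b []byte) SecuredNAS {
	return SecuredNAS{EPD: b[0], SecurityHeaderType: b[1] & 0x0f,
		MAC: binary.BigEndian.Uint32(b[2:6]), Sequence: b[6], Payload: b[7:]}
}

// parseChecked rejects undersized input with an error instead of panicking.
func parseChecked(b []byte) (SecuredNAS, error) {
	if len(b) < secHeaderLen {
		return SecuredNAS{}, fmt.Errorf("%w: got %d bytes, need %d", ErrTruncated, len(b), secHeaderLen)
	}
	return parseUnchecked(b), nil
}

// panics reports whether parseUnchecked panics on b; recover() is used here
// only to observe the failure, not as a substitute for the length check.
func panics(b []byte) (p bool) {
	defer func() { p = recover() != nil }()
	parseUnchecked(b)
	return false
}

func main() {
	short := []byte{0x7e, 0x01} // constructed 2-byte input: EPD + security header type
	_, err := parseChecked(short)
	fmt.Println("unchecked panics:", panics(short), "| checked:", err)
}
```

In a long-running network function, an unrecovered panic in any goroutine terminates the whole process, which is why a single undersized message affects every subscriber rather than one session.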

Exploit Details

  • Advisory / Fix Commit: Information required to generate a PoC (2-byte NAS-PDU) is present in the fix commit analysis.

Mitigation Strategies

  • Upgrade Ella Core to version 1.5.1 or later.
  • Implement network segmentation to restrict N2 interface access to authorized infrastructure only.
  • Deploy process supervision (e.g., systemd, Kubernetes restart policies) to automatically recover the AMF in the event of a crash.

Remediation Steps:

  1. Verify the current version of Ella Core operating in the environment.
  2. Review the release notes for Ella Core version 1.5.1.
  3. Schedule a maintenance window to apply the update.
  4. Deploy the updated binary and verify successful AMF initialization.
  5. Monitor application logs post-update to confirm the absence of runtime panics.
