Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ella Core panics on invalid PDU Session IDs in NGAP messages
Vulnerability Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added PDU Session ID validations during NGAP message handling.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对数组索引的验证不恰当
Vulnerability Title
Ella Core 输入验证错误漏洞
Vulnerability Description
Ella Core是Ella Networks开源的一个用于私有网络的5G核心网解决方案。 Ella Core 1.6.0之前版本存在输入验证错误漏洞,该漏洞源于处理具有无效PDU会话ID的NGAP消息时发生内核崩溃,可能导致服务中断。
CVSS Information
N/A
Vulnerability Type
N/A