Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ella Core panics on malformed NGAP Location Report
Vulnerability Description
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. Version 1.6.0 added IE presence verification to NGAP message handling.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
Ella Core 代码问题漏洞
Vulnerability Description
Ella Core是Ella Networks开源的一个用于私有网络的5G核心网解决方案。 Ella Core 1.6.0之前版本存在代码问题漏洞,该漏洞源于处理格式错误的NGAP LocationReport消息时发生内核崩溃,可能导致服务中断。
CVSS Information
N/A
Vulnerability Type
N/A