Description
FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.
Published: 2026-06-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in FlexRIC 2.0.0, where closing an SCTP association before sending an E2_SETUP_REQUEST triggers an assertion failure. The near-RT RIC implementation incorrectly assumes during cleanup that a mapping between the SCTP association and an E2 node always exists, and it enforces that assumption with an assert() that terminates the process. This matches CWE-617 (Reachable Assertion): the software does not check that the mapping exists before cleanup, so a remote peer can reach the assertion. An attacker can exploit this by completing a minimal SCTP handshake on port 36421 and immediately disconnecting; no authentication or E2AP messages are required. The result is a crash of the near-RT RIC service, which leads to a denial of service for any user relying on that RIC instance.

Affected Systems

FlexRIC version 2.0.0 is affected. No other vendors or product variants are listed in the CNA data. Administrators should verify that their deployment uses that specific version and confirm whether any subsequent releases have addressed the issue.

Risk and Exploitability

The CVSS score is 7.5 (High). The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the attack requires no authentication and only triggers a crash, the risk is to availability, and it is high. A remote attacker can trigger the crash with minimal effort, and any exposed FlexRIC instance will be vulnerable until patched or mitigated.

Generated by OpenCVE AI on June 1, 2026 at 21:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and deploy a patched release of FlexRIC that removes the assertion or validates the SCTP association before cleanup
  • If a patch is not available, enforce network segmentation or firewall rules to restrict access to port 36421 to trusted hosts only
  • Configure monitoring or logging to alert on frequent SCTP disconnect events or RIC crashes, and ensure backups or high‑availability configurations are in place
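
One shape the first recommended action could take, shown as an added example that is not FlexRIC's code: every type and function name here is hypothetical, and the small table stands in for whatever structure the RIC uses to map SCTP associations to E2 nodes. The counter gives the monitoring in the third action something to alert on.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ASSOC 8

/* Hypothetical table: an entry exists only once E2 setup has been processed. */
typedef struct { int32_t assoc_id; uint32_t e2_node_id; bool used; } assoc_entry_t;
typedef struct { assoc_entry_t e[MAX_ASSOC]; unsigned closed_before_setup; } assoc_map_t;
typedef enum { CLOSE_NODE_REMOVED, CLOSE_NO_NODE } close_result_t;

static assoc_entry_t *map_find(assoc_map_t *m, int32_t assoc_id) {
    for (size_t i = 0; i < MAX_ASSOC; i++)
        if (m->e[i].used && m->e[i].assoc_id == assoc_id) return &m->e[i];
    return NULL;
}

/* Called when E2 setup succeeds for an association. */
bool map_add(assoc_map_t *m, int32_t assoc_id, uint32_t node_id) {
    for (size_t i = 0; i < MAX_ASSOC; i++)
        if (!m->e[i].used) {
            m->e[i] = (assoc_entry_t){ assoc_id, node_id, true };
            return true;
        }
    return false; /* table full: caller should reject the setup */
}

/* Fragile pattern: a peer that closes before E2 setup aborts the process. */
void on_assoc_closed_fragile(assoc_map_t *m, int32_t assoc_id) {
    assoc_entry_t *e = map_find(m, assoc_id);
    assert(e != NULL); /* reachable by any remote peer */
    e->used = false;
}

/* Hardened pattern: a missing mapping is an expected, countable event. */
close_result_t on_assoc_closed(assoc_map_t *m, int32_t assoc_id) {
    assoc_entry_t *e = map_find(m, assoc_id);
    if (e == NULL) { m->closed_before_setup++; return CLOSE_NO_NODE; }
    e->used = false;
    return CLOSE_NODE_REMOVED;
}

int main(void) {
    assoc_map_t m = {0};
    map_add(&m, 7, 1001);          /* constructed ids */
    on_assoc_closed(&m, 7);        /* normal teardown */
    on_assoc_closed(&m, 9);        /* closed before setup: counted, no abort */
    printf("closed before setup: %u\n", m.closed_before_setup);
    return 0;
}
```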

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Mosaic5g
Mosaic5g flexric
Vendors & Products Mosaic5g
Mosaic5g flexric

Mon, 01 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Title SCTP Handshake Mismanagement Causes Remote Denial of Service in FlexRIC

Mon, 01 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title FlexRIC Near‑RT RIC Crash and Denial of Service via SCTP Handshake
Weaknesses CWE-682

Mon, 01 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-617
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title FlexRIC Near‑RT RIC Crash and Denial of Service via SCTP Handshake
Weaknesses CWE-682

Mon, 01 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-01T16:46:53.924Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37220

Vulnrichment

Updated: 2026-06-01T16:45:47.834Z

NVD

Status : Deferred

Published: 2026-06-01T15:16:34.163

Modified: 2026-06-01T18:09:03.137

Link: CVE-2026-37220

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T20:55:34Z
