Description
FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGABRT) and dereferenced in Release builds (SIGSEGV). A remote unauthenticated attacker can crash the iApp process (port 36422) by sending a subscription request with an arbitrary global_e2_node_id.
Published: 2026-06-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FlexRIC v2.0.0 contains a null pointer dereference triggered when the application receives an E42_RIC_SUBSCRIPTION_REQUEST that references a non‑existent E2 Node. In release builds the NULL pointer is dereferenced, causing a SIGSEGV, while debug builds abort with SIGABRT. The consequence is a denial‑of‑service for the iApp process listening on port 36422, allowing an attacker to force the application to terminate. The vulnerability is based on a missing null check and is classified under CWE‑476. The impact is limited to the affected process but can disrupt service availability as the iApp must restarted manually.

Affected Systems

The flaw is present in FlexRIC v2.0.0. No other version or vendor information is available. The impacted component is the iApp listening on port 36422.

Risk and Exploitability

The CVSS score is not provided, but the exploit is straightforward: an unauthenticated attacker can craft a subscription request with an arbitrary global_e2_node_id to trigger the crash. Because the attack requires only network connectivity to port 36422 and no authentication, the risk is high. The EPSS score is unavailable, and the vulnerability is not listed in CISA KEV, suggesting no confirmed exploitation yet but the potential for disruption remains.

Generated by OpenCVE AI on June 1, 2026 at 20:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FlexRIC to a version where the null pointer check in the subscription lookup has been added
  • If an upgrade is not immediately possible, disable or block inbound traffic to port 36422 from untrusted networks
  • Configure the application to run with increased logging and memory protection (e.g., stack canaries) to make crashes less disruptive

Generated by OpenCVE AI on June 1, 2026 at 20:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Remote Unauthenticated Process Crash via Null Dereference in FlexRIC Subscription Request
Weaknesses CWE-476

Mon, 01 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGABRT) and dereferenced in Release builds (SIGSEGV). A remote unauthenticated attacker can crash the iApp process (port 36422) by sending a subscription request with an arbitrary global_e2_node_id.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-01T16:51:19.103Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37226

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T19:16:33.080

Modified: 2026-06-01T19:16:33.080

Link: CVE-2026-37226

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T20:30:17Z

Weaknesses