Description
FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 byte) over SCTP to the near-RT RIC (port 36421) or iApp (port 36422) to crash the process via SIGABRT. The assertion is reached before any protocol-level validation occurs. All three E2AP protocol versions (v1.01, v2.03, v3.01) are affected.
Published: 2026-06-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FlexRIC version 2.0.0 contains a reachable assertion in the e2ap_create_pdu() routine that is triggered when the ASN.1 PER decoder fails to parse incoming data. The assertion is reached before any protocol‑level validation, causing the process to abort with SIGABRT. An unauthenticated attacker can supply an arbitrary non‑PER byte sequence over SCTP to the near‑RT RIC (port 36421) or the iApp (port 36422), which results in a crash of the affected service. The vulnerability represents a denial of service that can be exploited remotely without authentication, potentially disrupting the operation of near‑RT RIC infrastructure and related services.

Affected Systems

The flaw affects FlexRIC v2.0.0, with all supported E2AP protocol versions (v1.01, v2.03, v3.01) impacted. The vulnerable points are the SCTP listeners on ports 36421 (near‑RT RIC) and 36422 (iApp). No specific vendor or product naming beyond FlexRIC is provided.

Risk and Exploitability

The flaw is exploitable by an unauthenticated attacker who can send any crafted byte sequence over SCTP to the exposed ports. The EPSS score is present but less than 1%, indicating a very low exploitation probability, and the flaw is not listed in KEV, but the immediate availability of the crash vector makes the risk high from an availability perspective. The CVSS score is 7.5, indicating a high severity vulnerability.

Generated by OpenCVE AI on June 2, 2026 at 16:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FlexRIC to a version that resolves the assertion failure.
  • If an update is not immediately possible, block or filter SCTP traffic on ports 36421 and 36422 to prevent the crafted inputs from reaching the vulnerable process.
  • Monitor system logs for abnormal SIGABRT events and review application health metrics to detect potential exploitation attempts.

Generated by OpenCVE AI on June 2, 2026 at 16:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mosaic5g:flexric:2.0.0:*:*:*:*:*:*:*

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Mosaic5g
Mosaic5g flexric
Vendors & Products Mosaic5g
Mosaic5g flexric

Tue, 02 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Title Remote Denial of Service Due to Assertion Failure in FlexRIC E2AP Decoding

Tue, 02 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title Remote Assertion Failure in FlexRIC Causing Process Crash via SCTP
Weaknesses CWE-385

Tue, 02 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-617
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Remote Assertion Failure in FlexRIC Causing Process Crash via SCTP
Weaknesses CWE-385

Mon, 01 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 byte) over SCTP to the near-RT RIC (port 36421) or iApp (port 36422) to crash the process via SIGABRT. The assertion is reached before any protocol-level validation occurs. All three E2AP protocol versions (v1.01, v2.03, v3.01) are affected.
References

Subscriptions

Mosaic5g Flexric
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-02T12:59:56.629Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37229

cve-icon Vulnrichment

Updated: 2026-06-02T12:59:45.687Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T19:16:33.293

Modified: 2026-06-03T17:16:30.170

Link: CVE-2026-37229

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:55:20Z

Weaknesses