Lucene search
+L

86 matches found

nvd
nvd
added 2026/06/01 5:16 p.m.16 views

CVE-2026-37223

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

7.5CVSS0.00437EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 5:16 p.m.14 views

CVE-2026-37227

FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...

7.5CVSS0.00415EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 5:16 p.m.20 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

7.5CVSS0.00415EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 5:16 p.m.15 views

CVE-2026-37222

FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...

7.5CVSS0.00428EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 3:16 p.m.18 views

CVE-2026-37221

FlexRIC v2.0.0 crashes when receiving a RICSUBSCRIPTIONRESPONSE with an unknown ricid that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged...

7.5CVSS0.00347EPSS
Exploits0References2
cve
cve
added 2026/06/01 12:0 a.m.35 views

CVE-2026-37223

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(), allowing a remote unauthenticated attacker to send decodable E2AP PDUs with a type not in the whitelist to crash the iApp proce...

7.5CVSS5.8AI score0.00437EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/01 12:0 a.m.14 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

5.8AI score0.00347EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/01 12:0 a.m.12 views

CVE-2026-37221

FlexRIC v2.0.0 crashes when receiving a RICSUBSCRIPTIONRESPONSE with an unknown ricid that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged...

5.8AI score0.00347EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/01 12:0 a.m.8 views

CVE-2026-37221

FlexRIC v2.0.0 crashes when receiving a RICSUBSCRIPTIONRESPONSE with an unknown ricid that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged...

5.8AI score0.00347EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/01 12:0 a.m.12 views

CVE-2026-37222

FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...

5.9AI score0.00428EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/01 12:0 a.m.32 views

CVE-2026-37224

FlexRIC v2.0.0 crashes when receiving a duplicate E2SETUPREQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process port 36421 by sending two E2SETUPREQUESTs with t...

0.00428EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.9 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from reachable assert0 calls within the stub message processor, which could allow remote unauthenticated attackers to send E2AP message...

7.5CVSS5.4AI score0.00415EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/01 12:0 a.m.11 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

5.8AI score0.00347EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.13 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the use of the assert function to enforce mapping relationships before sending the E2SETUPREQUEST message. This could allow remote...

7.5CVSS5.4AI score0.00347EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.15 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability stems from the use of the assert function to enforce the existence of pending events when processing RICSUBSCRIPTIONRESPONSE with an unknown...

7.5CVSS5.4AI score0.00347EPSS
Exploits0References2
cve
cve
added 2026/06/01 12:0 a.m.23 views

CVE-2026-37222

FlexRIC v2.0.0 contains a vulnerability where the stack asserts exact Information Element (IE) counts in decoded E2AP messages instead of validating against protocol ranges. An unauthenticated remote attacker can send a valid E2AP PDU (for example, an E2setupRequest with extra optional fields) th...

7.5CVSS5.9AI score0.00428EPSS
Exploits0References2
cve
cve
added 2026/06/01 12:0 a.m.29 views

CVE-2026-37226

FlexRIC v2.0.0 is vulnerable: when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node, the lookup returns NULL and triggers an abort in Debug builds (SIGABRT) or a segfault in Release builds (SIGSEGV), allowing a remote unauthenticated attacker to crash the iApp ...

7.5CVSS6AI score0.00642EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.26 views

PT-2026-45507

FlexRIC v2.0.0 contains a reachable assertion in e2ap recv sctp msg src/lib/ep/e2ap ep.c. The function allocates a fixed 32KB receive buffer and enforces assertrc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP...

6.1AI score0.00642EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.11 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from a failure in ASN.1 PER decoding, resulting in a reachable assertion in e2apcreatepdu. This could allow unauthorized remote attackers ...

7.5CVSS5.4AI score0.00624EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.11 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from the assertion in the e2aprecvsctpmsg function, where assertrc len is used. This could allow unauthorized remote attackers to send SCT...

7.5CVSS5.4AI score0.00642EPSS
Exploits1References3
Rows per page
Query Builder