Lucene search
+L

110 matches found

redhatcve
redhatcve
added 2026/06/05 7:46 p.m.14 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

7.5CVSS5.5AI score0.00415EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/02 4:1 p.m.13 views

CVE-2026-37233

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eqxappricgenid in src/ric/iApp/xappricid.c compares m0-xappid against itself m0-xappid instead of the other argument m1-xappid, effectively ignoring the xApp identity dimension. A malicio...

7.5CVSS5.8AI score0.00454EPSS
Exploits1References1
nvd
nvd
added 2026/06/01 7:16 p.m.14 views

CVE-2026-37231

FlexRIC v2.0.0 uses a uint16t counter for xappid assignment but stores the value in uint32t message fields. After 65,530+ E42SETUPREQUESTs, the 16-bit counter wraps around and produces duplicate xappids. The iApp port 36422 crashes when attempting to register a duplicate ID in its internal data...

7.5CVSS0.00488EPSS
Exploits1References2
euvd
euvd
added 2026/06/01 6:31 p.m.14 views

EUVD-2026-33699

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References3
euvd
euvd
added 2026/06/01 6:31 p.m.14 views

EUVD-2026-33697

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

7.5CVSS5.8AI score0.00437EPSS
Exploits0References3
nvd
nvd
added 2026/06/01 5:16 p.m.32 views

CVE-2026-37224

FlexRIC v2.0.0 crashes when receiving a duplicate E2SETUPREQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process port 36421 by sending two E2SETUPREQUESTs with t...

7.5CVSS0.00428EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 5:16 p.m.16 views

CVE-2026-37223

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

7.5CVSS0.00437EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 5:16 p.m.20 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

7.5CVSS0.00415EPSS
Exploits0References2
cve
cve
added 2026/06/01 12:0 a.m.35 views

CVE-2026-37223

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(), allowing a remote unauthenticated attacker to send decodable E2AP PDUs with a type not in the whitelist to crash the iApp proce...

7.5CVSS5.8AI score0.00437EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/01 12:0 a.m.32 views

CVE-2026-37224

FlexRIC v2.0.0 crashes when receiving a duplicate E2SETUPREQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process port 36421 by sending two E2SETUPREQUESTs with t...

0.00428EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.9 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from the iApp message distributor using assert for validation of the allowlist, which may allow remote unauthenticated attackers to send...

7.5CVSS5.4AI score0.00437EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.14 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the use of hardcoded assertions to verify the count of information elements in E2AP messages, rather than using the protocol-specifi...

7.5CVSS5.4AI score0.00428EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.14 views

PT-2026-45453

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

5.8AI score0.00437EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/01 12:0 a.m.32 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

0.00415EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/01 12:0 a.m.12 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

5.8AI score0.00415EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/01 12:0 a.m.14 views

CVE-2026-37223

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

5.8AI score0.00437EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.11 views

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability stems from the iApp registry using assert instead of gracefully rejecting forced node ID uniqueness. This could allow remote unauthenticated...

7.5CVSS5.4AI score0.00428EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/01 12:0 a.m.33 views

CVE-2026-37223

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

0.00437EPSS
Exploits0References2
cve
cve
added 2026/06/01 12:0 a.m.25 views

CVE-2026-37225

FlexRIC v2.0.0 is affected by CVE-2026-37225. The iApp crashes (SIGABRT) when processing an E42_RIC_SUBSCRIPTION_REQUEST that contains an empty ricEventTriggerDefinition field. The E42 layer decoder accepts the empty field, but the E2AP encoder enforces a non-empty constraint when forwarding the ...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/01 12:0 a.m.11 views

CVE-2026-37234

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...

5.8AI score0.00345EPSS
Exploits1References3
Rows per page
Query Builder