VYPR
Unrated severity · NVD Advisory · Published Jun 1, 2026 · Updated Jun 1, 2026

CVE-2026-37224

Description

FlexRIC v2.0.0 is vulnerable to a remote denial-of-service attack due to an improper assertion when processing duplicate E2_SETUP_REQUEST messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

FlexRIC v2.0.0 through at least commit 6a595d8b contains a reachable assertion in the iApp registry component [1]. Specifically, the function add_reg_e2_node() in src/lib/msg_hand/reg_e2_nodes.c uses an assert() statement to enforce uniqueness of the GlobalE2node_ID [1]. This code path is reachable when the system receives a duplicate E2_SETUP_REQUEST message, which the application incorrectly treats as an impossible internal state rather than a recoverable error [1].

Exploitation

An unauthenticated remote attacker can trigger this vulnerability by sending two E2_SETUP_REQUEST messages with the same GlobalE2node_ID to the near-RT RIC over SCTP port 36421 [1]. The second request causes the registry to attempt an insertion of an already registered identity, which triggers the assertion and results in a SIGABRT [1].

Impact

Successful exploitation results in a denial-of-service condition, as the iApp process aborts immediately upon hitting the assertion [1]. This disrupts the near-RT RIC functionality, preventing it from managing E2 nodes until the process is manually restarted [1].

Mitigation

No upstream fix was available at the time of publication [1]. Operators are advised to restrict access to the E2 SCTP port 36421 to trusted nodes only to prevent unauthorized requests [1].

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.

Vulnerability mechanics

Root cause

"The iApp registry uses an assert() statement to enforce E2 node ID uniqueness, which causes the process to abort when a duplicate registration is received."

Attack vector

A remote unauthenticated attacker can trigger this vulnerability by sending two E2_SETUP_REQUEST messages containing the same GlobalE2node_ID to the near-RT RIC over SCTP port 36421 [1]. The second request causes the application to reach an assertion failure, resulting in a denial of service [1].

Affected code

The vulnerability is located in the `add_reg_e2_node()` function within the file `src/lib/msg_hand/reg_e2_nodes.c`, specifically between lines 167 and 185 [1].

What the fix does

No upstream fix is currently available for this vulnerability [1]. The advisory recommends that operators restrict E2 SCTP access to trusted nodes to prevent unauthorized registration attempts [1]. Future remediation should replace the assertion with logic that either makes the E2 setup idempotent or returns a recoverable duplicate-registration error [1].
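
The remediation direction described above, as an added example that is not FlexRIC's code and not an upstream patch: the registry, the types and the function names are hypothetical simplified stand-ins, and the two-field ID struct is a constructed placeholder for GlobalE2node_ID. It contrasts enforcing uniqueness with assert() against returning a recoverable duplicate-registration error.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins: not FlexRIC's types or functions. */
typedef struct { uint32_t plmn; uint32_t nb_id; } node_id_t;
typedef struct { node_id_t ids[8]; size_t len; } registry_t;
typedef enum { REG_OK, REG_DUPLICATE, REG_FULL } reg_rc_t;

static bool reg_has(const registry_t *r, node_id_t id) {
    for (size_t i = 0; i < r->len; i++)
        if (r->ids[i].plmn == id.plmn && r->ids[i].nb_id == id.nb_id)
            return true;
    return false;
}

/* Pattern the advisory describes: uniqueness of a peer-supplied ID is
 * enforced with assert(), so a repeated ID aborts the process (SIGABRT).
 * With NDEBUG defined the check disappears and the duplicate is stored. */
reg_rc_t reg_add_asserting(registry_t *r, node_id_t id) {
    assert(!reg_has(r, id));
    if (r->len == sizeof r->ids / sizeof r->ids[0]) return REG_FULL;
    r->ids[r->len++] = id;
    return REG_OK;
}

/* Hardened form: a duplicate is an expected input, reported to the caller,
 * which can reject the setup or treat it as idempotent. */
reg_rc_t reg_add_checked(registry_t *r, node_id_t id) {
    if (reg_has(r, id)) return REG_DUPLICATE;
    if (r->len == sizeof r->ids / sizeof r->ids[0]) return REG_FULL;
    r->ids[r->len++] = id;
    return REG_OK;
}

int main(void) {
    registry_t reg = {0};
    node_id_t id = { .plmn = 0x00F110, .nb_id = 1 };  /* constructed sample */
    printf("first:   %d\n", reg_add_checked(&reg, id));
    printf("second:  %d\n", reg_add_checked(&reg, id));
    printf("entries: %zu\n", reg.len);
    return 0;
}
```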

Preconditions

  • Network: The attacker must have network access to the near-RT RIC over SCTP port 36421.

Reproduction

Send two E2_SETUP_REQUEST messages with the same GlobalE2node_ID to the near-RT RIC over SCTP port 36421 [1].

Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 1