216.73.217.22

CVE-2026-37229

· Published 01/06/2026 19:16 · Modified 02/06/2026 14:35

Labels: CVE-2026-37229 2026-06-01CVE-2026-37229CWE-617[email protected]

Essential information

Published
01/06/2026 19:16
Modified
02/06/2026 14:35
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 byte) over SCTP to the near-RT RIC (port 36421) or iApp (port 36422) to crash the process via SIGABRT. The assertion is reached before any protocol-level validation occurs. All three E2AP protocol versions (v1.01, v2.03, v3.01) are affected.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
flexric / flexric cpe:2.3:a:flexric:flexric:2.0.0:*:*:*:*:*:*:*
flexric / e2ap protocol cpe:2.3:a:flexric:e2ap_protocol:v1.01:*:*:*:*:*:*:*
flexric / e2ap protocol cpe:2.3:a:flexric:e2ap_protocol:v2.03:*:*:*:*:*:*:*
flexric / e2ap protocol cpe:2.3:a:flexric:e2ap_protocol:v3.01:*:*:*:*:*:*:*

References