CVE-2026-37229
FlexRIC Assertion Failure in E2AP PER Decoding
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: MITRE
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-37229 is a vulnerability in FlexRIC v2.0.0 where a reachable assertion in the e2ap_create_pdu() function causes the process to crash when ASN.1 PER decoding fails.
A remote unauthenticated attacker can send any malformed or non-PER byte sequence, such as a single 0x00 byte, over SCTP to ports 36421 or 36422. This triggers a SIGABRT signal that terminates the near-RT RIC or iApp process.
The root cause is that the ASN.1 decoder helper asserts that decoding must succeed, and this assertion is reachable before any protocol-level validation occurs, making the system vulnerable to denial of service.
How can this vulnerability impact me?
This vulnerability can be exploited remotely by an unauthenticated attacker to cause a denial of service by crashing the near-RT RIC or iApp process.
The crash occurs due to a SIGABRT signal triggered by a failed assertion in the ASN.1 PER decoding process, which can disrupt service availability.
Since the assertion is reached before any protocol-level validation, any malformed message sent over SCTP to the affected ports can cause the crash.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for abnormal crashes of the near-RT RIC or iApp processes, which occur when malformed or non-PER byte sequences are sent over SCTP to ports 36421 or 36422.
To detect potential exploitation attempts on your network, you can capture and analyze SCTP traffic targeting these ports for unusual or malformed packets, such as single 0x00 bytes or other non-PER encoded sequences.
- Use tcpdump or tshark to capture SCTP traffic on ports 36421 and 36422, for example: tcpdump -i <interface> port 36421 or port 36422 and sctp
- Analyze captured packets for non-PER byte sequences or unexpected payloads that could trigger the assertion failure.
- Monitor system logs and process crash reports for SIGABRT signals related to the near-RT RIC or iApp processes.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting SCTP access to only trusted peers to prevent unauthenticated attackers from sending malformed packets to the vulnerable ports.
Additionally, handling decode failures more gracefully by rejecting or dropping malformed messages instead of asserting can prevent process crashes.
Since no upstream fix was available at the time of disclosure, network-level controls such as firewall rules to block or limit SCTP traffic to ports 36421 and 36422 from untrusted sources are recommended.
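The decode-handling change described above, shown as an added example that is not FlexRIC code: a toy length-prefixed decoder stands in for the ASN.1 PER decoder, and every function name and sample buffer here is hypothetical. It runs the asserting pattern in a child process to observe the SIGABRT, then shows a receive step that drops the same input and keeps running.

```c
#undef NDEBUG                      /* keep assert() active for this demonstration */
#include <assert.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

typedef struct { uint8_t type, len; const uint8_t *val; } toy_pdu;

/* Hypothetical stand-in for the PER decoder: [type<=2][len][len bytes]; 0 = ok. */
static int toy_decode(const uint8_t *b, size_t n, toy_pdu *out) {
    if (n < 2 || b[0] > 2 || (size_t)b[1] != n - 2) return -1;
    out->type = b[0]; out->len = b[1]; out->val = b + 2;
    return 0;
}

/* Pattern the page describes: a decode failure is assumed impossible. */
static void create_pdu_asserting(const uint8_t *b, size_t n, toy_pdu *out) {
    int rc = toy_decode(b, n, out);
    assert(rc == 0);
}

/* Hardened form: a decode failure is ordinary bad input, reported to the caller. */
static int create_pdu_checked(const uint8_t *b, size_t n, toy_pdu *out) { return toy_decode(b, n, out); }

/* Runs the asserting variant in a child; returns the signal that killed it, or 0. */
static int signal_from_asserting(const uint8_t *b, size_t n) {
    int st = 0; pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { toy_pdu p; create_pdu_asserting(b, n, &p); _exit(0); }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFSIGNALED(st) ? WTERMSIG(st) : 0;
}

/* Receive-loop step: returns 1 if the message was accepted, 0 if it was dropped. */
static int handle_message(const uint8_t *b, size_t n, unsigned *dropped) {
    toy_pdu p;
    if (create_pdu_checked(b, n, &p) != 0) { (*dropped)++; return 0; }
    return 1;
}

int main(void) {
    const uint8_t bad[] = {0x00}, good[] = {0x01, 0x02, 0xAA, 0xBB}; /* constructed */
    unsigned dropped = 0;
    printf("asserting variant, 1-byte input: signal %d\n", signal_from_asserting(bad, sizeof bad));
    int a = handle_message(bad, sizeof bad, &dropped), c = handle_message(good, sizeof good, &dropped);
    printf("checked variant: accepted=%d,%d dropped=%u\n", a, c, dropped);
    return 0;
}
```

The dropped counter is the kind of value worth exporting as a metric, since a rising count of undecodable messages on the E2 ports is itself a detection signal.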
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.