CVE-2026-37230
Analyzed - Analysis Complete
Near-RT RIC Crash via Invalid ran_func_id in RIC_INDICATION

Publication date: 2026-06-01

Last updated on: 2026-06-03

Assigner: MITRE

Description
FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL, triggering assert() in Debug builds (SIGABRT) or NULL pointer dereference in Release builds (SIGSEGV). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by sending a crafted RIC_INDICATION with an arbitrary ran_func_id value.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-03
Generated: 2026-06-22
AI Q&A: 2026-06-01
EPSS Evaluated: 2026-06-20
Affected Vendors & Products
Showing 1 associated CPE
Vendor: mosaic5g
Product: flexric
Version / Range: 2.0.0
CWE ID: CWE-476
Description: The product dereferences a pointer that it expects to be valid but is NULL.
Executive Summary

CVE-2026-37230 is a vulnerability in FlexRIC version 2.0.0 where the near-RT RIC component crashes upon receiving a RIC_INDICATION message containing a ran_func_id that does not exist in its registry.

The issue arises because the lookup for the ran_func_id returns NULL, which triggers an assert() failure in debug builds causing the program to abort, or a NULL pointer dereference in release builds causing a segmentation fault.

This vulnerability can be exploited remotely by an unauthenticated attacker who sends a specially crafted RIC_INDICATION message with an arbitrary ran_func_id value to the near-RT RIC's SCTP port 36421.

Impact Analysis

This vulnerability can cause the near-RT RIC to crash or abort unexpectedly, leading to a denial of service condition.

Since the attacker can trigger this remotely without authentication, it poses a significant risk of service disruption.

Such crashes can affect the availability and reliability of the affected system, potentially impacting network operations that rely on FlexRIC.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for suspicious RIC_INDICATION messages sent to SCTP port 36421 with invalid or non-existent ran_func_id values.

You can use network packet capture tools such as tcpdump or Wireshark to filter and inspect SCTP traffic on port 36421.

  • tcpdump -i <interface> port 36421 and sctp
  • Analyze captured packets for RIC_INDICATION messages containing ran_func_id values that do not match the registry of valid function IDs.

Mitigation Strategies

Immediate mitigation steps include restricting E2 SCTP access to trusted nodes only, effectively limiting who can send RIC_INDICATION messages to the near-RT RIC.

Additionally, implement validation of ran_func_id values before processing them to prevent crashes caused by invalid IDs.
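
A sketch of the ran_func_id validation recommended above, shown beside the unchecked lookup pattern the description ties to the crash. This is an added example, not FlexRIC source code; the type names, function names and sample registry are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical registry entry; not a FlexRIC type. */
typedef struct { uint16_t ran_func_id; unsigned indications_seen; } ran_func_t;
typedef enum { IND_OK = 0, IND_UNKNOWN_RAN_FUNC = -1 } ind_status_t;

/* Constructed sample registry of known RAN function IDs. */
static ran_func_t registry[] = { {2, 0}, {3, 0}, {142, 0} };

/* Returns NULL when the ID was never registered. */
ran_func_t *lookup_ran_func(uint16_t id)
{
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++)
        if (registry[i].ran_func_id == id)
            return &registry[i];
    return NULL;
}

/* Unchecked pattern, kept for contrast and never called here: the assert
 * aborts in Debug builds, and with NDEBUG defined it is compiled out, so
 * the next line dereferences NULL. */
ind_status_t handle_ric_indication_unchecked(uint16_t ran_func_id)
{
    ran_func_t *f = lookup_ran_func(ran_func_id);
    assert(f != NULL);
    f->indications_seen++;
    return IND_OK;
}

/* Hardened handler: ran_func_id comes off the wire, so a registry miss is
 * an input error to reject and log, not an invariant to assert on. */
ind_status_t handle_ric_indication(uint16_t ran_func_id)
{
    ran_func_t *f = lookup_ran_func(ran_func_id);
    if (f == NULL) {
        fprintf(stderr, "RIC_INDICATION dropped: unknown ran_func_id %u\n",
                (unsigned)ran_func_id);
        return IND_UNKNOWN_RAN_FUNC;   /* drop the message, keep serving */
    }
    f->indications_seen++;             /* safe: f was checked above */
    return IND_OK;
}
```

The rejected-message log line also gives operators a host-side signal that complements the packet capture approach in the detection guidance.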

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
