CVE-2026-37230
Received - Intake
Near-RT RIC Crash via Invalid ran_func_id in RIC_INDICATION

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MITRE

Description
FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL, triggering assert() in Debug builds (SIGABRT) or NULL pointer dereference in Release builds (SIGSEGV). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by sending a crafted RIC_INDICATION with an arbitrary ran_func_id value.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-01
Generated: 2026-06-02
AI Q&A: 2026-06-01
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-37230 is a vulnerability in FlexRIC version 2.0.0 where the near-RT RIC component crashes upon receiving a RIC_INDICATION message containing a ran_func_id that does not exist in its registry.

The issue arises because the lookup for the ran_func_id returns NULL, which triggers an assert() failure in debug builds causing the program to abort, or a NULL pointer dereference in release builds causing a segmentation fault.

This vulnerability can be exploited remotely by an unauthenticated attacker who sends a specially crafted RIC_INDICATION message with an arbitrary ran_func_id value to the near-RT RIC's SCTP port 36421.


How can this vulnerability impact me?

This vulnerability can cause the near-RT RIC to crash or abort unexpectedly, leading to a denial of service condition.

Since the attacker can trigger this remotely without authentication, it poses a significant risk of service disruption.

Such crashes can affect the availability and reliability of the affected system, potentially impacting network operations that rely on FlexRIC.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring network traffic for suspicious RIC_INDICATION messages sent to SCTP port 36421 with invalid or non-existent ran_func_id values.

You can use network packet capture tools such as tcpdump or Wireshark to filter and inspect SCTP traffic on port 36421.

  • tcpdump -i <interface> port 36421 and sctp
  • Analyze captured packets for RIC_INDICATION messages containing ran_func_id values that do not match the registry of valid function IDs.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting E2 SCTP access to trusted nodes only, effectively limiting who can send RIC_INDICATION messages to the near-RT RIC.

Additionally, implement validation of ran_func_id values before processing them to prevent crashes caused by invalid IDs.
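
A sketch of the ran_func_id validation suggested above, as an added example that is not FlexRIC's code: the registry, the type and function names, and the IDs 142/143 are hypothetical. It places the unchecked lookup pattern the description blames for the crash next to a handler that rejects unknown IDs with an error return.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the RIC's RAN-function registry; not FlexRIC types. */
typedef struct {
    uint16_t ran_func_id;
    int (*on_indication)(const uint8_t *msg, size_t len);
} ran_func_t;

typedef enum { IND_OK = 0, IND_UNKNOWN_RAN_FUNC = -1, IND_BAD_MSG = -2 } ind_status_t;

/* Placeholder service-model callback: reports how many bytes it was given. */
static int count_bytes(const uint8_t *msg, size_t len) { (void)msg; return (int)len; }

/* Constructed registry: only IDs 142 and 143 are registered. */
static const ran_func_t registry[] = { {142, count_bytes}, {143, count_bytes} };

/* Returns NULL when the ID is not registered; every caller must handle that. */
static const ran_func_t *find_ran_func(uint16_t id)
{
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++)
        if (registry[i].ran_func_id == id)
            return &registry[i];
    return NULL;
}

/* Unchecked pattern: the lookup result is used directly. An assert() here
 * would abort a Debug build and vanish under NDEBUG, leaving the dereference. */
int handle_indication_unchecked(uint16_t id, const uint8_t *msg, size_t len)
{
    const ran_func_t *rf = find_ran_func(id);
    return rf->on_indication(msg, len);   /* NULL dereference for an unknown id */
}

/* Hardened: an unknown ID is peer-controlled input, so it is reported as a
 * protocol error and the message is dropped instead of crashing the process. */
int handle_indication(uint16_t id, const uint8_t *msg, size_t len)
{
    if (msg == NULL || len == 0)
        return IND_BAD_MSG;
    const ran_func_t *rf = find_ran_func(id);
    if (rf == NULL) {
        fprintf(stderr, "RIC_INDICATION dropped: unknown ran_func_id %u\n", (unsigned)id);
        return IND_UNKNOWN_RAN_FUNC;
    }
    return rf->on_indication(msg, len);
}
```

The stderr line in the hardened handler also gives operators a log event to alert on when a peer sends unregistered IDs.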


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

