CVE-2026-37231
Received Received - Intake
FlexRIC v2.0.0 xApp ID Wrap-Around Leading to iApp Crash

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MITRE

Description
FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate ID in its internal data structure. A remote attacker can trigger this by repeatedly connecting and requesting new xApp registrations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-02
AI Q&A
2026-06-01
EPSS Evaluated
N/A
NVD
CVE-2026-37231
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-37231 is a vulnerability in FlexRIC v2.0.0 caused by inconsistent integer widths used for xapp_id assignment. The system uses a 16-bit counter for assigning xapp_ids but stores these IDs in 32-bit message fields. After about 65,530 assignments, the 16-bit counter wraps around, producing duplicate xapp_ids.

When the iApp receives a duplicate xapp_id during registration, it crashes because its internal data structure detects the duplicate and aborts the process. This can be triggered remotely by repeatedly sending E42_SETUP_REQUEST messages to the iApp's SCTP port 36422.


How can this vulnerability impact me? :

This vulnerability can lead to denial of service (DoS) conditions. Specifically, the iApp crashes when it encounters duplicate xapp_ids caused by the counter wraparound, interrupting normal operation.

An attacker can exploit this by repeatedly connecting and requesting new xApp registrations, causing the iApp to crash and potentially disrupting services relying on FlexRIC.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the volume of E42_SETUP_REQUEST messages sent to the iApp SCTP port 36422. An unusually high number of these setup requests may indicate an attempt to trigger the duplicate xapp_id wraparound issue.

You can use network monitoring tools or commands to observe traffic on port 36422 and count the number of E42_SETUP_REQUEST messages.

  • Use tcpdump to capture SCTP traffic on port 36422: tcpdump -i <interface> port 36422
  • Filter and count E42_SETUP_REQUEST messages by analyzing captured packets with Wireshark or tshark.
  • Monitor logs of the iApp for crashes or errors related to duplicate xapp_id registration.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting iApp access to only trusted xApps to prevent unauthorized repeated setup requests.

Monitor and limit the volume of E42_SETUP_REQUEST messages to avoid triggering the 16-bit counter wraparound.

Ensure consistent integer widths for xapp_id assignment in the implementation to prevent truncation and duplicate IDs.

Since no upstream fix was available at the time of disclosure, applying network-level controls and monitoring is critical.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart