CVE-2026-37234
Analyzed - Analysis Complete
Memory Leak in FlexRIC v2.0.0 via SCTP Connections

Publication date: 2026-06-01

Last updated on: 2026-06-05

Assigner: MITRE

Description
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequent xapp_ids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak subscription state in the iApp, potentially causing resource exhaustion or state corruption over time.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-05
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-20
Affected Vendors & Products
Vendor: mosaic5g; Product: flexric; Version / Range: 2.0.0
CWE
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
Executive Summary

This vulnerability exists in FlexRIC v2.0.0, where a single SCTP connection can bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs.

When the connection disconnects, only the resources of the first registered xapp_id are cleaned up, while the subsequent xapp_ids and their subscriptions remain as stale entries.

A remote attacker can exploit this behavior to leak subscription state in the iApp, which may lead to resource exhaustion or state corruption over time.

Impact Analysis

The vulnerability can lead to resource exhaustion or state corruption within the affected application.

Because stale subscription entries remain after disconnects, system resources may be consumed unnecessarily, potentially degrading performance or causing failures.

An attacker exploiting this flaw remotely could cause these issues, impacting the stability and reliability of the system.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring SCTP connections to port 36422 for multiple E42_SETUP_REQUEST messages sent on the same association. Repeated setup requests from a single SCTP connection may indicate exploitation attempts.

Network administrators should look for unusual patterns of multiple E42_SETUP_REQUEST messages within a single SCTP session.

Suggested commands use packet capture tools such as tcpdump or tshark to filter SCTP traffic on port 36422, so that the number of E42_SETUP_REQUEST messages per connection can be analyzed. The tshark filter selects the SCTP traffic on that port; the E42_SETUP_REQUEST messages are then identified and counted from the captured payloads.

  • tcpdump -i <interface> sctp and port 36422
  • tshark -i <interface> -Y "sctp.port == 36422"

Additionally, monitoring logs or metrics from FlexRIC for multiple setup requests per SCTP association can help detect the vulnerability.

Mitigation Strategies

Immediate mitigation steps include restricting iApp access to only trusted xApps to prevent unauthorized multiple E42_SETUP_REQUEST messages.

Monitoring SCTP associations for repeated setup requests and disconnecting suspicious connections can reduce exploitation risk.

Making the setup handler in FlexRIC idempotent per association, and cleaning up all identities and subscriptions during disconnect, is recommended, although no upstream fix was available at the time of disclosure.
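
The cleanup flaw and the recommended fix, as an added example in C that is not FlexRIC source code: a small model registry in which the flawed setup and disconnect paths sit beside an idempotent setup handler and a disconnect that releases every binding. All type and function names, the table size and association number 7 are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model, not FlexRIC source: one slot binds an xapp_id to an SCTP association. */
#define MAX_XAPPS 16
typedef struct { int used, assoc, xapp_id, subs; } binding_t;
typedef struct { binding_t b[MAX_XAPPS]; int next_id; } registry_t;
/* Flawed setup: every setup request on an association binds another xapp_id. */
int setup_flawed(registry_t *r, int assoc) {
    for (int i = 0; i < MAX_XAPPS; i++)
        if (!r->b[i].used) {
            r->b[i] = (binding_t){1, assoc, ++r->next_id, 0};
            return r->b[i].xapp_id;
        }
    return -1; /* table full */
}
/* Hardened setup: a repeated request returns the association's existing xapp_id. */
int setup_idempotent(registry_t *r, int assoc) {
    for (int i = 0; i < MAX_XAPPS; i++)
        if (r->b[i].used && r->b[i].assoc == assoc) return r->b[i].xapp_id;
    return setup_flawed(r, assoc);
}
/* Record one subscription for xapp_id; returns 0 on success, -1 if unknown. */
int subscribe(registry_t *r, int xapp_id) {
    for (int i = 0; i < MAX_XAPPS; i++)
        if (r->b[i].used && r->b[i].xapp_id == xapp_id) { r->b[i].subs++; return 0; }
    return -1;
}
/* Disconnect: all == 0 frees only the first binding (flawed), all != 0 frees every one. */
void disconnect(registry_t *r, int assoc, int all) {
    for (int i = 0; i < MAX_XAPPS; i++)
        if (r->b[i].used && r->b[i].assoc == assoc) {
            memset(&r->b[i], 0, sizeof r->b[i]);
            if (!all) return;
        }
}
/* Total subscriptions still recorded in the registry. */
int stale_subs(const registry_t *r) {
    int n = 0;
    for (int i = 0; i < MAX_XAPPS; i++) if (r->b[i].used) n += r->b[i].subs;
    return n;
}
/* Three setup requests on association 7 (constructed), one subscription each, then disconnect. */
int scenario(int hardened) {
    registry_t r = {0};
    for (int k = 0; k < 3; k++)
        subscribe(&r, hardened ? setup_idempotent(&r, 7) : setup_flawed(&r, 7));
    disconnect(&r, 7, hardened);
    return stale_subs(&r);
}
int main(void) { printf("flawed=%d hardened=%d\n", scenario(0), scenario(1)); return 0; }
```

A registry audit of this kind, run after each disconnect, doubles as a regression check once a fix is in place: any subscription still attached to a closed association is a stale entry.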
