top of page
perceptive_background_267k.jpg

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 …

Published:

31 mei 2026 om 22:00:00

Alert date:

1 juni 2026 om 19:03:21

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Critical Infrastructure

FlexRIC v2.0.0 contains a vulnerability that causes crashes when SCTP associations are closed before E2_SETUP_REQUEST messages are sent. The near-RT RIC incorrectly assumes a mapping between SCTP association and E2 node always exists during cleanup operations and enforces this assumption through assert() calls. Remote unauthenticated attackers can exploit this flaw by establishing an SCTP handshake on port 36421 and immediately disconnecting without sending E2AP messages, resulting in a denial of service condition that crashes the near-RT RIC component.

Technical details

Mitigation steps:

Affected products:

FlexRIC

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-37220
https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37220.md
https://gitlab.eurecom.fr/mosaic5g/flexric

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page