FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using …

FlexRIC v2.0.0 contains a critical vulnerability in the iApp message dispatcher that allows remote unauthenticated attackers to crash the entire RIC service. The vulnerability exists in the E2AP message validation logic which uses assert() against a 9-entry whitelist. Attackers can send malformed E2AP PDU messages to trigger a SIGABRT signal, causing process termination. This affects the near-RT RIC service and disconnects all E2 Nodes and xApps, resulting in complete service disruption. The vulnerability is accessible via port 36422 and requires no authentication.