CVE-2026-37229

Exploit

EPSS 0.62%
Veröffentlicht 01.06.2026 00:00:00
Zuletzt bearbeitet 03.06.2026 17:16:30
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 byte) over SCTP to the near-RT RIC (port 36421) or iApp (port 36422) to crash the process via SIGABRT. The assertion is reached before any protocol-level validation occurs. All three E2AP protocol versions (v1.01, v2.03, v3.01) are affected.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mosaic5g ≫ Flexric Version2.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.62%	0.452

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://gitlab.eurecom.fr/mosaic5g/flexric

Product

https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37229.md

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-37229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-37229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-37229

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-37229