FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type (e.g., E2nodeConfigurationUpdate) to crash the near-RT RIC process (port 36421) via SIGABRT. The message passes whitelist validation but triggers an unconditional assertion in the handler.
A cross-layer validation mismatch in FlexRIC v2.0.0 allows remote unauthenticated attackers to crash the iApp process via SIGABRT. The E42 layer decoder accepts an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field as valid input, but the downstream E2AP encoder enforces a non-empty constraint and triggers an assertion failure when forwarding the request. This results in denial of [truncated]
A remote unauthenticated attacker can crash the FlexRIC iApp process (port 36421) by sending duplicate E2_SETUP_REQUEST messages with the same E2 node configuration. The iApp registry enforces node ID uniqueness using assert() rather than graceful error handling, causing SIGABRT upon receipt of a second E2_SETUP_REQUEST from the same or a spoofed E2 Node. This represents a denial-of-service condition agai [truncated]
FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher that allows remote unauthenticated attackers to terminate the entire near-RT RIC service. The dispatcher validates incoming E2AP messages against a nine-entry whitelist using assert(), and any decodable E2AP PDU with a message type outside this whitelist triggers SIGABRT. Because iApp and the near-RT RIC share a single process, t [truncated]
FlexRIC v2.0.0 contains a denial-of-service vulnerability in its E2AP message decoding logic. The near-RT RIC (port 36421) and iApp (port 36422) services use hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages rather than performing range-based validation against protocol specifications. A remote unauthenticated attacker can send a valid E2AP Protocol Data Unit (PDU) [truncated]
A remote unauthenticated attacker can crash the FlexRIC near-RT RIC by sending a forged RIC_SUBSCRIPTION_RESPONSE containing an unknown ric_id with no matching pending event. In Debug builds, the crash manifests as SIGABRT due to an assert() failure; in Release builds, it manifests as a NULL pointer dereference (SIGSEGV). The vulnerability exists because the response handler uses assert() to enforce the p [truncated]