EURECOM FlexRIC
- >= 2.0.0, <= 6a595d8b
A denial-of-service vulnerability has been identified in FlexRIC version 2.0.0. The issue arises from reachable assert(0) calls in the near-RT RIC's stub message handlers for E2AP message types that are whitelisted but not implemented. A remote, unauthenticated attacker can exploit this vulnerability by sending a decodable E2AP PDU of such a type, such as E2nodeConfigurationUpdate, to crash the near-RT RIC process on port 36421. The message successfully passes whitelist validation but triggers an unconditional assertion failure in the handler, causing the process to abort and terminate the service.
Exploitation triggers an unhandled assertion failure in the near-RT RIC process. The process aborts and the service terminates, which is a denial-of-service condition.
To reproduce this vulnerability, send a decodable E2AP PDU for one of the whitelisted but unimplemented message types to SCTP port 36421. The message will pass the near-RT RIC whitelist validation and be dispatched to a stub handler that unconditionally asserts, causing the process to crash.
No upstream fix is available. Operators are advised to restrict E2 SCTP access to trusted nodes. Additionally, stub handlers should be modified to return protocol errors or ignore unsupported messages instead of asserting.
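The stub-handler change recommended above, sketched as an added C example that is not FlexRIC's own code. The message-type ids, result codes, struct and function names are all hypothetical, and the struct stands in for an already-decoded E2AP PDU.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical message-type ids and result codes; not FlexRIC's own names. */
typedef enum { MSG_SETUP_REQUEST, MSG_NODE_CONFIG_UPDATE, MSG_TYPE_COUNT } msg_type_t;
typedef enum { H_OK, H_UNSUPPORTED, H_REJECTED } handler_rc_t;

typedef struct { msg_type_t type; } e2ap_msg_t;   /* stand-in for a decoded PDU */
typedef handler_rc_t (*handler_fn)(const e2ap_msg_t *);

static unsigned unsupported_seen;   /* counter an operator can export and alert on */

static handler_rc_t handle_setup_request(const e2ap_msg_t *m) {
    (void)m;
    return H_OK;
}

/* Before: the stub body was `assert(0);`, so a decodable PDU of this type
 * aborted the whole process. After: count it, log it, report "unsupported". */
static handler_rc_t handle_unimplemented(const e2ap_msg_t *m) {
    unsupported_seen++;
    fprintf(stderr, "E2AP type %d not implemented, ignoring\n", (int)m->type);
    return H_UNSUPPORTED;
}

static const handler_fn handlers[MSG_TYPE_COUNT] = {
    [MSG_SETUP_REQUEST]      = handle_setup_request,
    [MSG_NODE_CONFIG_UPDATE] = handle_unimplemented,   /* whitelisted, no logic yet */
};

/* Dispatch never aborts on peer-controlled input: out-of-range ids and
 * empty table slots are rejected with a return code. */
handler_rc_t dispatch(const e2ap_msg_t *m) {
    if (m == NULL || (unsigned)m->type >= (unsigned)MSG_TYPE_COUNT ||
        handlers[m->type] == NULL)
        return H_REJECTED;
    return handlers[m->type](m);
}

unsigned unsupported_count(void) { return unsupported_seen; }

int main(void) {
    e2ap_msg_t m = { MSG_NODE_CONFIG_UPDATE };   /* constructed sample input */
    printf("rc=%d unsupported=%u\n", (int)dispatch(&m), unsupported_count());
    return 0;
}
```

The caller can map H_UNSUPPORTED to a protocol error sent back to the peer or drop the message silently, and the counter gives operations a signal when unsupported types arrive from an E2 peer.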