O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.
The vulnerability results from the lack of array size validation (CWE-129 — missing array index verification) in the E2nodeConfigUpdateNotificationHandler notification handling procedure. An attacker can supply crafted input data causing reads or writes outside array boundaries. Due to the network vector (AV:N) without authentication requirements (PR:N) and user interaction (UI:N), the exploit can be performed remotely over the network.
An attacker can gain full control over the confidentiality, integrity, and availability of the system (C:H/I:H/A:H), which in practice means the possibility of executing arbitrary code, corrupting data, or completely disabling the e2mgr service.
Apply patches available from the vendor according to the references — fix available in the Gerrit repository at https://gerrit.o-ran-sc.org/r/c/ric-plt/e2mgr/+/12629 and described in the Jira issue RIC-1044. It is recommended to implement the patch immediately and restrict network access to e2mgr interfaces.
O-RAN SC RIC I-Release, ric-plt/e2mgr component (O-Ran-Sc Ric-Plt-E2Mgr); specific versions indicated in vendor references (Gerrit patch 12629, Jira RIC-1044)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HO Ran Sc Ric Plt E2mgr
APPO-Ran-Sc6.0.4
Related vulnerabilities
An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote ...
O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.
O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives...
An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incor...
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to ...