The vulnerability in FlexRIC v2.0.0 arises from improper handling of RIC_SUBSCRIPTION_RESPONSE messages containing unknown ric_id values without matching pending events. The near-RT RIC enforces the presence of a pending event using assert(), which leads to a crash when this condition is not met. An unauthenticated remote attacker can exploit this by sending crafted messages to the near-RT RIC listening on port 36421, resulting in denial of service through application crashes (SIGABRT or SIGSEGV depending on build type).

Successful exploitation causes the near-RT RIC component of FlexRIC to crash, leading to denial of service. The attacker does not require authentication and can trigger the crash remotely by sending malformed subscription response messages. There is no information about further impact such as code execution or data leakage.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting access to port 36421 to trusted sources only to reduce exposure. Monitor for unusual traffic patterns targeting this port. Avoid running Debug builds in production environments as they are more susceptible to SIGABRT crashes.