Common Vulnerabilities and Exposures (CVE)
Scope
This page provides background and status of CVE handling by the O-RAN Software Community.
Background
The MITRE CVE database is a publicly accessible repository that catalogs known cybersecurity vulnerabilities and exposures. Managed by MITRE, it assigns each identified vulnerability a unique CVE-ID, which provides a standardized reference for security professionals worldwide. This consistent naming and classification system helps organizations quickly identify, assess, and address security risks across various software and hardware systems.
Position of O-RAN Software Community
Each O-RAN Software Community project is driven by contributions from experts whose knowledge, experience, and available time are essential to our efforts. Consequently, while addressing Common Vulnerabilities and Exposures (CVEs) is of great interest, we cannot guarantee that every identified vulnerability will be fully analyzed, processed, or resolved.
Moreover, it is important to note that not all O-RAN-SC projects are designed to be production-ready; as such, there is no explicit commitment to focusing on security aspects. Users deploying these software artifacts in production environments are encouraged to review, update, and adapt the code and associated processes in line with their own security policies and practices.
Several O-RAN SC projects are scanned by SonarCloud; the results are publicly available [1][2][3].
// TODO: Update O-RAN-SC's position for issues found by LF scanning and define a mechanism to indicate pre-spec and requirements-driving code, which is not intended to be used in production.
CVE Tracker
Below is a copy of the O-RAN-SC-related CVEs in the MITRE DB, extended with a column for the status update.
| Name | Description | Finding in Release | Fix in Release | O-RAN-SC Status |
|---|---|---|---|---|
| | An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components. | I-Release | | 2025-03-18: Open |
| | O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | I-Release | | 2025-03-18: Open |
| | O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. | I-Release | | 2025-03-18: Open |
| | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). | I-Release | | 2025-03-18: Open |
| | The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). | I-Release | | 2025-03-18: Open |
| | The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL. | I-Release | | 2025-03-18: Open |
| | O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. | I-Release | | 2025-03-18: Open |
| | An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp. | I-Release | | 2025-03-18: Open |
| | An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp. | H-Release | | 2025-03-18: Open |
| | An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component. | G-Release | | 2025-03-18: Open |
| | An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components. | H-Release | | 2025-03-18: Open |
| | O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. | H-Release | | 2025-03-18: Open |
| | Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. | H-Release | I-Release | 2025-03-18: Fixed in “I” release. |
| | Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. | H-Release | I-Release | 2025-03-18: Fixed in “I” release. |
References