CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
990 vulnerabilities reference this CWE, most recent first.
GHSA-452V-W3GX-72WG
Vulnerability from github – Published: 2026-04-18 01:14 – Updated: 2026-05-12 13:32rk Identity Point Panic in Transaction Verification
Summary
Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity (a "zero" value), however, the orchard crate which is used to verify Orchard proofs would panic when fed a rk with the identity value. Thus an attacker could send a crafted transaction that would make a Zebra node crash.
Severity
Critical - This is a Denial of Service Vulnerability that could allow an attacker to crash Zebra nodes.
Affected Versions
All Zebra versions prior to version 4.3.1.
Description
The vulnerability exists in the circuits.rs file of the orchard crate; it attempts to get the coordinates of the rk value and calls unwrap() on the results, which causes a panic if rk is the identity.
Zebra parses rk as a byte vector; it creates an Orchard "bundle" using the orchard crate and then calls the same crate to verify it, triggering the panic.
An attacker could exploit this by:
1. Creating a transaction with a identity rk
2. Submitting it to a Zebra node, making it crash
Impact
Denial of Service
- Attack Vector: Network.
- Effect: Node crash.
- Scope: Any impacted Zebra node.
Fixed Versions
This issue is fixed in Zebra 4.3.1.
The fix was agreed with zcashd developers (which has the same issue) to not allow the identity rk anymore and change the specification as such. Zebra now does this when parsing a transaction. This was deemed easier than fixing the issue in orchard, which would make the bug public before the nodes could be patched.
Mitigation
Users should upgrade to Zebra 4.3.1 or later immediately.
There are no known workarounds for this issue. Immediate upgrade is the only way to ensure the node remains not vulnerable to denial of service.
Credits
Thanks to Alex “Scalar” Sol for finding and reporting the issue.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "zebrad"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "zebra-chain"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41584"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-18T01:14:57Z",
"nvd_published_at": "2026-05-08T15:16:41Z",
"severity": "CRITICAL"
},
"details": "# rk Identity Point Panic in Transaction Verification\n\n## Summary\n\nOrchard transactions contain a `rk` field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity (a \"zero\" value), however, the `orchard` crate which is used to verify Orchard proofs would panic when fed a `rk` with the identity value. Thus an attacker could send a crafted transaction that would make a Zebra node crash.\n\n## Severity\n\n**Critical** - This is a Denial of Service Vulnerability that could allow an attacker to crash Zebra nodes.\n\n## Affected Versions\n\nAll Zebra versions prior to **version 4.3.1**.\n\n## Description\n\nThe vulnerability exists in the `circuits.rs` file of the `orchard` crate; it attempts to get the coordinates of the `rk` value and calls `unwrap()` on the results, which causes a panic if `rk` is the identity.\n\nZebra parses `rk` as a byte vector; it creates an Orchard \"bundle\" using the `orchard` crate and then calls the same crate to verify it, triggering the panic.\n\nAn attacker could exploit this by:\n1. Creating a transaction with a identity `rk`\n2. Submitting it to a Zebra node, making it crash\n\n## Impact\n\n**Denial of Service**\n\n* **Attack Vector:** Network.\n* **Effect:** Node crash.\n* **Scope:** Any impacted Zebra node.\n\n## Fixed Versions\n\nThis issue is fixed in **Zebra 4.3.1**. \n\nThe fix was agreed with `zcashd` developers (which has the same issue) to not allow the identity `rk` anymore and change the specification as such. Zebra now does this when parsing a transaction. This was deemed easier than fixing the issue in `orchard`, which would make the bug public before the nodes could be patched.\n\n## Mitigation\n\nUsers should upgrade to **Zebra 4.3.1** or later immediately. \n\nThere are no known workarounds for this issue. Immediate upgrade is the only way to ensure the node remains not vulnerable to denial of service.\n\n## Credits\n\nThanks to Alex \u201cScalar\u201d Sol for finding and reporting the issue.",
"id": "GHSA-452v-w3gx-72wg",
"modified": "2026-05-12T13:32:57Z",
"published": "2026-04-18T01:14:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-452v-w3gx-72wg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41584"
},
{
"type": "PACKAGE",
"url": "https://github.com/ZcashFoundation/zebra"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Zebra has rk Identity Point Panic in Transaction Verification"
}
GHSA-453R-CX7V-94WR
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.
{
"affected": [],
"aliases": [
"CVE-2021-33600"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-28T10:15:00Z",
"severity": "HIGH"
},
"details": "A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.",
"id": "GHSA-453r-cx7v-94wr",
"modified": "2022-05-24T19:16:01Z",
"published": "2022-05-24T19:16:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33600"
},
{
"type": "WEB",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"type": "WEB",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-45CV-7V28-M46P
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 21:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range
If we get -ENOMEM while dropping file extent items in a given range, at btrfs_drop_extents(), due to failure to allocate memory when attempting to increment the reference count for an extent or drop the reference count, we handle it with a BUG_ON(). This is excessive, instead we can simply abort the transaction and return the error to the caller. In fact most callers of btrfs_drop_extents(), directly or indirectly, already abort the transaction if btrfs_drop_extents() returns any error.
Also, we already have error paths at btrfs_drop_extents() that may return -ENOMEM and in those cases we abort the transaction, like for example anything that changes the b+tree may return -ENOMEM due to a failure to allocate a new extent buffer when COWing an existing extent buffer, such as a call to btrfs_duplicate_item() for example.
So replace the BUG_ON() calls with proper logic to abort the transaction and return the error.
{
"affected": [],
"aliases": [
"CVE-2022-50293"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range\n\nIf we get -ENOMEM while dropping file extent items in a given range, at\nbtrfs_drop_extents(), due to failure to allocate memory when attempting to\nincrement the reference count for an extent or drop the reference count,\nwe handle it with a BUG_ON(). This is excessive, instead we can simply\nabort the transaction and return the error to the caller. In fact most\ncallers of btrfs_drop_extents(), directly or indirectly, already abort\nthe transaction if btrfs_drop_extents() returns any error.\n\nAlso, we already have error paths at btrfs_drop_extents() that may return\n-ENOMEM and in those cases we abort the transaction, like for example\nanything that changes the b+tree may return -ENOMEM due to a failure to\nallocate a new extent buffer when COWing an existing extent buffer, such\nas a call to btrfs_duplicate_item() for example.\n\nSo replace the BUG_ON() calls with proper logic to abort the transaction\nand return the error.",
"id": "GHSA-45cv-7v28-m46p",
"modified": "2025-12-04T21:31:01Z",
"published": "2025-09-15T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50293"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/162d053e15fe985f754ef495a96eb3db970c43ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1baf3370e2dc5e6bd1368348736189457dab2a27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50f993da945074b2a069da099a0331b23a0c89a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7fbcb635c8fc927d139f3302babcf1b42c09265c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45Q4-QCPX-MGMJ
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-04-20 03:44There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-13749"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-29T06:29:00Z",
"severity": "HIGH"
},
"details": "There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.",
"id": "GHSA-45q4-qcpx-mgmj",
"modified": "2025-04-20T03:44:03Z",
"published": "2022-05-13T01:11:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13749"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485285"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100514"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45R2-RX5V-Q5F6
Vulnerability from github – Published: 2025-08-25 03:33 – Updated: 2025-08-25 03:33A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.
{
"affected": [],
"aliases": [
"CVE-2025-9403"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-25T03:15:37Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.",
"id": "GHSA-45r2-rx5v-q5f6",
"modified": "2025-08-25T03:33:08Z",
"published": "2025-08-25T03:33:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9403"
},
{
"type": "WEB",
"url": "https://github.com/jqlang/jq/issues/3393"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1r8m9PhU_rk-QPj6OMcs415FcvWPD-zJY/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.321239"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.321239"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.633170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-46HP-7JPH-MGXF
Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-02-07 03:32Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message missing a required NAS_PDU field to repeatedly crash the MME, resulting in denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-34235"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T15:15:12Z",
"severity": "HIGH"
},
"details": "Open5GS MME versions \u003c= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.",
"id": "GHSA-46hp-7jph-mgxf",
"modified": "2025-02-07T03:32:01Z",
"published": "2025-01-22T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34235"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46Q4-H5PV-R45Q
Vulnerability from github – Published: 2025-08-07 21:31 – Updated: 2025-08-07 21:31A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF Service. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The name of the patch is 66bc558e417e70ae216ec155e4e81c14ae0ecf30. It is recommended to apply a patch to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2025-8698"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-07T21:15:29Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF Service. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The name of the patch is 66bc558e417e70ae216ec155e4e81c14ae0ecf30. It is recommended to apply a patch to fix this issue.",
"id": "GHSA-46q4-h5pv-r45q",
"modified": "2025-08-07T21:31:09Z",
"published": "2025-08-07T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8698"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/4012"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/commit/66bc558e417e70ae216ec155e4e81c14ae0ecf30"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/21356631/amf_nsmf_pdusession_handle_release_sm_context.zip"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319128"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319128"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.621282"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-46RH-MCF3-6V59
Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 18:31The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
{
"affected": [],
"aliases": [
"CVE-2022-34484"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T20:15:00Z",
"severity": "HIGH"
},
"details": "The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 102, Firefox ESR \u003c 91.11, Thunderbird \u003c 102, and Thunderbird \u003c 91.11.",
"id": "GHSA-46rh-mcf3-6v59",
"modified": "2025-04-15T18:31:31Z",
"published": "2022-12-22T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34484"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46RX-WMHR-CJ2M
Vulnerability from github – Published: 2026-06-01 15:30 – Updated: 2026-06-01 18:31FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC_SUBSCRIPTION_RESPONSE to the near-RT RIC (port 36421) to cause SIGABRT in Debug builds or NULL pointer dereference (SIGSEGV) in Release builds.
{
"affected": [],
"aliases": [
"CVE-2026-37221"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T15:16:34Z",
"severity": "HIGH"
},
"details": "FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC_SUBSCRIPTION_RESPONSE to the near-RT RIC (port 36421) to cause SIGABRT in Debug builds or NULL pointer dereference (SIGSEGV) in Release builds.",
"id": "GHSA-46rx-wmhr-cj2m",
"modified": "2026-06-01T18:31:48Z",
"published": "2026-06-01T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37221"
},
{
"type": "WEB",
"url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37221.md"
},
{
"type": "WEB",
"url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46VV-9WJ7-QVXG
Vulnerability from github – Published: 2021-12-04 00:00 – Updated: 2021-12-07 00:00A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-44022"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-03T11:15:00Z",
"severity": "MODERATE"
},
"details": "A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-46vv-9wj7-qvxg",
"modified": "2021-12-07T00:00:58Z",
"published": "2021-12-04T00:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44022"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000289229"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.