CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-VFWV-M6QG-W443
Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.
This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2;
Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO;
{
"affected": [],
"aliases": [
"CVE-2023-36840"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-14T18:15:10Z",
"severity": "MODERATE"
},
"details": "A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 19.3R3-S10;\n20.1 versions prior to 20.1R3-S4;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2;\n22.3 versions prior to 22.3R2;\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S7-EVO;\n21.1 versions prior to 21.1R3-S3-EVO;\n21.2 versions prior to 21.2R3-S5-EVO;\n21.3 versions prior to 21.3R3-S4-EVO;\n21.4 versions prior to 21.4R3-EVO;\n22.1 versions prior to 22.1R3-EVO;\n22.2 versions prior to 22.2R2-EVO;\n22.3 versions prior to 22.3R2-EVO;\n",
"id": "GHSA-vfwv-m6qg-w443",
"modified": "2024-04-04T06:08:46Z",
"published": "2023-07-14T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36840"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA71647"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VGHX-352F-93JM
Vulnerability from github – Published: 2026-05-21 19:46 – Updated: 2026-06-10 13:41Impact
A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with "No macro blocks before genesis block".
Patches
The patch for this vulnerability is formally released as part of v1.5.0.
Workarounds
No Workaround, although requesting the genesis batch set is not used during normal operation.
Resources
See PR.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "nimiq-blockchain"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46543"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-21T19:46:15Z",
"nvd_published_at": "2026-06-10T00:16:54Z",
"severity": "MODERATE"
},
"details": "### Impact\nA remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block\u0027s hash. The handler calls `get_epoch_chunks` which iterates backwards through macro blocks using `Policy::macro_block_before`. When it reaches the genesis block number, `macro_block_before` panics with \"No macro blocks before genesis block\".\n\n### Patches\n[The patch for this vulnerability](https://github.com/nimiq/core-rs-albatross/pull/3745) is formally released as part of [v1.5.0](https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0).\n\n### Workarounds\nNo Workaround, although requesting the genesis batch set is not used during normal operation.\n\n### Resources\nSee [PR](https://github.com/nimiq/core-rs-albatross/pull/3745).",
"id": "GHSA-vghx-352f-93jm",
"modified": "2026-06-10T13:41:37Z",
"published": "2026-05-21T19:46:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-vghx-352f-93jm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46543"
},
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/pull/3745"
},
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/commit/8e8b0abdb1b66f5e9b25b3833879f05c173a5596"
},
{
"type": "PACKAGE",
"url": "https://github.com/nimiq/core-rs-albatross"
},
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "nimiq-blockchain: Genesis batch set request"
}
GHSA-VGQ7-9R5R-J9V3
Vulnerability from github – Published: 2025-11-24 18:31 – Updated: 2025-11-25 21:01An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/free5gc/pcf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-60632"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-25T21:01:13Z",
"nvd_published_at": "2025-11-24T16:15:49Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.",
"id": "GHSA-vgq7-9r5r-j9v3",
"modified": "2025-11-25T21:01:13Z",
"published": "2025-11-24T18:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60632"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/issues/705"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/pcf/pull/53"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc"
},
{
"type": "PACKAGE",
"url": "https://github.com/free5gc/pcf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Free5GC is vulnerable to DoS through its Npcf_BDTPolicyControl POST API"
}
GHSA-VGV4-555V-W6X3
Vulnerability from github – Published: 2026-06-10 00:31 – Updated: 2026-06-10 00:31When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.
{
"affected": [],
"aliases": [
"CVE-2026-9746"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T23:17:03Z",
"severity": "HIGH"
},
"details": "When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.",
"id": "GHSA-vgv4-555v-w6x3",
"modified": "2026-06-10T00:31:50Z",
"published": "2026-06-10T00:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9746"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-124190"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VH8H-JG54-V92W
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2024-08-01 15:31** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.”
{
"affected": [],
"aliases": [
"CVE-2018-7712"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-05T23:29:00Z",
"severity": "HIGH"
},
"details": "** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height \u003c= (1\u003c\u003c20)) may be false. Note: \u201cOpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.\u201d",
"id": "GHSA-vh8h-jg54-v92w",
"modified": "2024-08-01T15:31:13Z",
"published": "2022-05-13T01:28:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7712"
},
{
"type": "WEB",
"url": "https://github.com/opencv/opencv/issues/10998"
},
{
"type": "WEB",
"url": "https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJ4F-PW6H-MXV3
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0.
{
"affected": [],
"aliases": [
"CVE-2020-23311"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-10T23:15:00Z",
"severity": "HIGH"
},
"details": "There is an Assertion \u0027context_p-\u003etoken.type == LEXER_RIGHT_BRACE || context_p-\u003etoken.type == LEXER_ASSIGN || context_p-\u003etoken.type == LEXER_COMMA\u0027 failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0.",
"id": "GHSA-vj4f-pw6h-mxv3",
"modified": "2022-05-24T19:05:14Z",
"published": "2022-05-24T19:05:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23311"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/issues/3822"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VJJP-V767-CX96
Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-03-13 21:31In the Linux kernel, the following vulnerability has been resolved:
iommu/io-pgtable-arm: fix size_t signedness bug in unmap path
__arm_lpae_unmap() returns size_t but was returning -ENOENT (negative error code) when encountering an unmapped PTE. Since size_t is unsigned, -ENOENT (typically -2) becomes a huge positive value (0xFFFFFFFFFFFFFFFE on 64-bit systems).
This corrupted value propagates through the call chain: __arm_lpae_unmap() returns -ENOENT as size_t -> arm_lpae_unmap_pages() returns it -> __iommu_unmap() adds it to iova address -> iommu_pgsize() triggers BUG_ON due to corrupted iova
This can cause IOVA address overflow in __iommu_unmap() loop and trigger BUG_ON in iommu_pgsize() from invalid address alignment.
Fix by returning 0 instead of -ENOENT. The WARN_ON already signals the error condition, and returning 0 (meaning "nothing unmapped") is the correct semantic for size_t return type. This matches the behavior of other io-pgtable implementations (io-pgtable-arm-v7s, io-pgtable-dart) which return 0 on error conditions.
{
"affected": [],
"aliases": [
"CVE-2026-23067"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T17:16:17Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/io-pgtable-arm: fix size_t signedness bug in unmap path\n\n__arm_lpae_unmap() returns size_t but was returning -ENOENT (negative\nerror code) when encountering an unmapped PTE. Since size_t is unsigned,\n-ENOENT (typically -2) becomes a huge positive value (0xFFFFFFFFFFFFFFFE\non 64-bit systems).\n\nThis corrupted value propagates through the call chain:\n __arm_lpae_unmap() returns -ENOENT as size_t\n -\u003e arm_lpae_unmap_pages() returns it\n -\u003e __iommu_unmap() adds it to iova address\n -\u003e iommu_pgsize() triggers BUG_ON due to corrupted iova\n\nThis can cause IOVA address overflow in __iommu_unmap() loop and\ntrigger BUG_ON in iommu_pgsize() from invalid address alignment.\n\nFix by returning 0 instead of -ENOENT. The WARN_ON already signals\nthe error condition, and returning 0 (meaning \"nothing unmapped\")\nis the correct semantic for size_t return type. This matches the\nbehavior of other io-pgtable implementations (io-pgtable-arm-v7s,\nio-pgtable-dart) which return 0 on error conditions.",
"id": "GHSA-vjjp-v767-cx96",
"modified": "2026-03-13T21:31:40Z",
"published": "2026-02-04T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23067"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/374e7af67d9d9d6103c2cfc8eb32abfecf3a2fd8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/41ec6988547819756fb65e94fc24f3e0dddf84ac"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VM7X-4QHJ-RRCQ
Vulnerability from github – Published: 2022-09-16 22:15 – Updated: 2022-09-19 19:55Impact
When TensorListScatter and TensorListScatterV2 receive an element_shape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack.
import tensorflow as tf
arg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)
arg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)
arg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)
arg_3=''
tf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1,
element_shape=arg_2, name=arg_3)
Patches
We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35991"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T22:15:05Z",
"nvd_published_at": "2022-09-16T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None)\narg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536)\narg_3=\u0027\u0027\ntf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1, \nelement_shape=arg_2, name=arg_3)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bb03fdf4aae944ab2e4b35c7daa051068a8b7f61](https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by \u5218\u529b\u6e90, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n",
"id": "GHSA-vm7x-4qhj-rrcq",
"modified": "2022-09-19T19:55:20Z",
"published": "2022-09-16T22:15:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35991"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`"
}
GHSA-VPVV-3968-XXMC
Vulnerability from github – Published: 2025-12-18 21:31 – Updated: 2025-12-19 18:31An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in lib/pfcp/context.c (ogs_pfcp_object_teid_hash_set) if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flag(s) (IPv4/IPv6) do not match the GTP-U resource family configured for the selected DNN (Network Instance), resulting in a denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-65559"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T19:16:33Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in `lib/pfcp/context.c` (`ogs_pfcp_object_teid_hash_set`) if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flag(s) (IPv4/IPv6) do not match the GTP-U resource family configured for the selected DNN (Network Instance), resulting in a denial of service.",
"id": "GHSA-vpvv-3968-xxmc",
"modified": "2025-12-19T18:31:12Z",
"published": "2025-12-18T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65559"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/4135"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV4J-XQG9-J5G3
Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-01-14 00:02A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.
{
"affected": [],
"aliases": [
"CVE-2021-46052"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-10T14:11:00Z",
"severity": "MODERATE"
},
"details": "A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.",
"id": "GHSA-vv4j-xqg9-j5g3",
"modified": "2022-01-14T00:02:39Z",
"published": "2022-01-11T00:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46052"
},
{
"type": "WEB",
"url": "https://github.com/WebAssembly/binaryen/issues/4411"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.