Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

989 vulnerabilities reference this CWE, most recent first.

GHSA-VVX6-GXW4-9J4R

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-23319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-10T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an Assertion in \u0027(flags \u003e\u003e CBC_STACK_ADJUST_SHIFT) \u003e= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags \u003e\u003e CBC_STACK_ADJUST_SHIFT)) \u003c= context_p-\u003estack_depth\u0027 in parser_emit_cbc_backward_branch in JerryScript 2.2.0.",
  "id": "GHSA-vvx6-gxw4-9j4r",
  "modified": "2022-05-24T19:05:13Z",
  "published": "2022-05-24T19:05:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23319"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jerryscript-project/jerryscript/issues/3834"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VW3X-2R9R-9464

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.",
  "id": "GHSA-vw3x-2r9r-9464",
  "modified": "2022-05-24T19:07:05Z",
  "published": "2022-05-24T19:07:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20225"
    },
    {
      "type": "WEB",
      "url": "https://mikrotik.com"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VX79-RJ6M-R29G

Vulnerability from github – Published: 2024-07-31 06:30 – Updated: 2025-09-30 12:30
VLAI
Details

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-31T04:15:05Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.",
  "id": "GHSA-vx79-rj6m-r29g",
  "modified": "2025-09-30T12:30:50Z",
  "published": "2024-07-31T06:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39949"
    },
    {
      "type": "WEB",
      "url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXV4-RRX9-5XFQ

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07
VLAI
Details

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-19T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.",
  "id": "GHSA-vxv4-rrx9-5xfq",
  "modified": "2022-05-13T01:07:36Z",
  "published": "2022-05-13T01:07:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17205"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3500"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0053"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0081"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3873-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXV8-R8Q2-63XW

Vulnerability from github – Published: 2022-09-16 22:26 – Updated: 2022-09-19 19:33
VLAI
Summary
TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`
Details

Impact

FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack:

import tensorflow as tf

overlapping = True
orig_input = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)
orig_output = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)
out_backprop = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)
row_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64)
col_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64)
tf.raw_ops.FractionalMaxPoolGrad(orig_input=orig_input, orig_output=orig_output, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping)

Patches

We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4.

The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-16T22:26:57Z",
    "nvd_published_at": "2022-09-16T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n`FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack:\n```python\nimport tensorflow as tf\n\noverlapping = True\norig_input = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)\norig_output = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)\nout_backprop = tf.constant(.453409232, shape=[1,7,13,1], dtype=tf.float32)\nrow_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64)\ncol_pooling_sequence = tf.constant(0, shape=[5], dtype=tf.int64)\ntf.raw_ops.FractionalMaxPoolGrad(orig_input=orig_input, orig_output=orig_output, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [8741e57d163a079db05a7107a7609af70931def4](https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.",
  "id": "GHSA-vxv8-r8q2-63xw",
  "modified": "2022-09-19T19:33:04Z",
  "published": "2022-09-16T22:26:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35981"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/8741e57d163a079db05a7107a7609af70931def4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TensorFlow vulnerable to `CHECK` fail in `FractionalMaxPoolGrad`"
}

GHSA-VXX9-2994-Q338

Vulnerability from github – Published: 2026-03-13 20:04 – Updated: 2026-03-16 22:01
VLAI
Summary
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145
Details

Summary

The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validation completes. When validation fails, the temporary stream is dropped and cleanup may call remove(...).expect("stream not found"), triggering a panic in the connection state machine. This is remotely reachable over a normal Yamux session and does not require authentication. kind of vulnerability is it? Who is

Attack Scenario

An attacker that can establish a Yamux session with a target node can crash the target by sending a single validly encoded Yamux Data|SYN frame with an oversized body: 1. Establish a standard authenticated transport session that negotiates Yamux. 2. Send one Yamux frame with: - Tag = Data - Flags = SYN - StreamId = 1 (or any new inbound stream id) - Length = DEFAULT_CREDIT + 1 (e.g. 262145) - Body of matching size This can trigger a panic (stream not found) and terminate the process, depending on host application panic policy.

Patches

Users should upgrade to yamux v0.13.10

This vulnerability was originally submitted by @revofusion to the Ethereum Foundation bug bounty program

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "yamux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.13.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-617"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-13T20:04:38Z",
    "nvd_published_at": "2026-03-16T14:19:34Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThe Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145).\nOn the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validation completes. When validation fails, the temporary stream is dropped and cleanup may call remove(...).expect(\"stream not found\"), triggering a panic in the connection state machine.\nThis is remotely reachable over a normal Yamux session and does not require authentication. kind of vulnerability is it? Who is \n#### Attack Scenario  \nAn attacker that can establish a Yamux session with a target node can crash the target by sending a single validly encoded Yamux Data|SYN frame with an oversized body:\n1. Establish a standard authenticated transport session that negotiates Yamux.\n2. Send one Yamux frame with:\n   - Tag = Data\n   - Flags = SYN\n   - StreamId = 1 (or any new inbound stream id)\n   - Length = DEFAULT_CREDIT + 1 (e.g. 262145)\n   - Body of matching size\nThis can trigger a panic (stream not found) and terminate the process, depending on host application panic policy.\n### Patches\nUsers should upgrade to `yamux` `v0.13.10`\n\nThis vulnerability was originally submitted by @revofusion to the Ethereum Foundation bug bounty program",
  "id": "GHSA-vxx9-2994-q338",
  "modified": "2026-03-16T22:01:11Z",
  "published": "2026-03-13T20:04:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/libp2p/rust-yamux/security/advisories/GHSA-vxx9-2994-q338"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32314"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/libp2p/rust-yamux"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145"
}

GHSA-VXXV-C26Q-48F2

Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2025-09-26 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path

Since the input data length passed to zlib_compress_folios() can be arbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE may cause read-in bytes to exceed the input range. Currently this triggers an assert in btrfs_compress_folios() on the debug kernel (see below). Fix strm.avail_in calculation for S390 hardware acceleration path.

assertion failed: *total_in <= orig_len, in fs/btrfs/compression.c:1041 ------------[ cut here ]------------ kernel BUG at fs/btrfs/compression.c:1041! monitor event: 0040 ilc:2 [#1] PREEMPT SMP CPU: 16 UID: 0 PID: 325 Comm: kworker/u273:3 Not tainted 6.13.0-20241204.rc1.git6.fae3b21430ca.300.fc41.s390x+debug #1 Hardware name: IBM 3931 A01 703 (z/VM 7.4.0) Workqueue: btrfs-delalloc btrfs_work_helper Krnl PSW : 0704d00180000000 0000021761df6538 (btrfs_compress_folios+0x198/0x1a0) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: 0000000080000000 0000000000000001 0000000000000047 0000000000000000 0000000000000006 ffffff01757bb000 000001976232fcc0 000000000000130c 000001976232fcd0 000001976232fcc8 00000118ff4a0e30 0000000000000001 00000111821ab400 0000011100000000 0000021761df6534 000001976232fb58 Krnl Code: 0000021761df6528: c020006f5ef4 larl %r2,0000021762be2310 0000021761df652e: c0e5ffbd09d5 brasl %r14,00000217615978d8 #0000021761df6534: af000000 mc 0,0 >0000021761df6538: 0707 bcr 0,%r7 0000021761df653a: 0707 bcr 0,%r7 0000021761df653c: 0707 bcr 0,%r7 0000021761df653e: 0707 bcr 0,%r7 0000021761df6540: c004004bb7ec brcl 0,000002176276d518 Call Trace: [<0000021761df6538>] btrfs_compress_folios+0x198/0x1a0 ([<0000021761df6534>] btrfs_compress_folios+0x194/0x1a0) [<0000021761d97788>] compress_file_range+0x3b8/0x6d0 [<0000021761dcee7c>] btrfs_work_helper+0x10c/0x160 [<0000021761645760>] process_one_work+0x2b0/0x5d0 [<000002176164637e>] worker_thread+0x20e/0x3e0 [<000002176165221a>] kthread+0x15a/0x170 [<00000217615b859c>] __ret_from_fork+0x3c/0x60 [<00000217626e72d2>] ret_from_fork+0xa/0x38 INFO: lockdep is turned off. Last Breaking-Event-Address: [<0000021761597924>] _printk+0x4c/0x58 Kernel panic - not syncing: Fatal exception: panic_on_oops

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57923"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-19T12:15:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zlib: fix avail_in bytes for s390 zlib HW compression path\n\nSince the input data length passed to zlib_compress_folios() can be\narbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE may\ncause read-in bytes to exceed the input range. Currently this triggers\nan assert in btrfs_compress_folios() on the debug kernel (see below).\nFix strm.avail_in calculation for S390 hardware acceleration path.\n\n  assertion failed: *total_in \u003c= orig_len, in fs/btrfs/compression.c:1041\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/compression.c:1041!\n  monitor event: 0040 ilc:2 [#1] PREEMPT SMP\n  CPU: 16 UID: 0 PID: 325 Comm: kworker/u273:3 Not tainted 6.13.0-20241204.rc1.git6.fae3b21430ca.300.fc41.s390x+debug #1\n  Hardware name: IBM 3931 A01 703 (z/VM 7.4.0)\n  Workqueue: btrfs-delalloc btrfs_work_helper\n  Krnl PSW : 0704d00180000000 0000021761df6538 (btrfs_compress_folios+0x198/0x1a0)\n             R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3\n  Krnl GPRS: 0000000080000000 0000000000000001 0000000000000047 0000000000000000\n             0000000000000006 ffffff01757bb000 000001976232fcc0 000000000000130c\n             000001976232fcd0 000001976232fcc8 00000118ff4a0e30 0000000000000001\n             00000111821ab400 0000011100000000 0000021761df6534 000001976232fb58\n  Krnl Code: 0000021761df6528: c020006f5ef4        larl    %r2,0000021762be2310\n             0000021761df652e: c0e5ffbd09d5        brasl   %r14,00000217615978d8\n            #0000021761df6534: af000000            mc      0,0\n            \u003e0000021761df6538: 0707                bcr     0,%r7\n             0000021761df653a: 0707                bcr     0,%r7\n             0000021761df653c: 0707                bcr     0,%r7\n             0000021761df653e: 0707                bcr     0,%r7\n             0000021761df6540: c004004bb7ec        brcl    0,000002176276d518\n  Call Trace:\n   [\u003c0000021761df6538\u003e] btrfs_compress_folios+0x198/0x1a0\n  ([\u003c0000021761df6534\u003e] btrfs_compress_folios+0x194/0x1a0)\n   [\u003c0000021761d97788\u003e] compress_file_range+0x3b8/0x6d0\n   [\u003c0000021761dcee7c\u003e] btrfs_work_helper+0x10c/0x160\n   [\u003c0000021761645760\u003e] process_one_work+0x2b0/0x5d0\n   [\u003c000002176164637e\u003e] worker_thread+0x20e/0x3e0\n   [\u003c000002176165221a\u003e] kthread+0x15a/0x170\n   [\u003c00000217615b859c\u003e] __ret_from_fork+0x3c/0x60\n   [\u003c00000217626e72d2\u003e] ret_from_fork+0xa/0x38\n  INFO: lockdep is turned off.\n  Last Breaking-Event-Address:\n   [\u003c0000021761597924\u003e] _printk+0x4c/0x58\n  Kernel panic - not syncing: Fatal exception: panic_on_oops",
  "id": "GHSA-vxxv-c26q-48f2",
  "modified": "2025-09-26T21:30:27Z",
  "published": "2025-01-19T12:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57923"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ee4736c003daded513de0ff112d4a1e9c85bbab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25adbb08aeadcff883ab801df99fd20fefbb6ca4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W279-VHXX-7QX8

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2025-06-09 18:32
VLAI
Details

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3326"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-27T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
  "id": "GHSA-w279-vhxx-7qx8",
  "modified": "2025-06-09T18:32:00Z",
  "published": "2022-05-24T17:40:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3326"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-07"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210304-0007"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27256"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/01/28/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W297-H5M6-HGP7

Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-04-20 03:44
VLAI
Details

There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13745"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-29T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.",
  "id": "GHSA-w297-h5m6-hgp7",
  "modified": "2025-04-20T03:44:03Z",
  "published": "2022-05-13T01:11:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13745"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485274"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201908-03"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100514"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W2R7-9579-27HF

Vulnerability from github – Published: 2024-09-17 18:33 – Updated: 2024-09-17 21:32
VLAI
Summary
vLLM denial of service vulnerability
Details

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vllm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-8768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-17T21:32:12Z",
    "nvd_published_at": "2024-09-17T17:15:11Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.",
  "id": "GHSA-w2r7-9579-27hf",
  "modified": "2024-09-17T21:32:12Z",
  "published": "2024-09-17T18:33:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8768"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/issues/7632"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/pull/7746"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/commit/e25fee57c2e69161bd261f5986dc5aeb198bbd42"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8768"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311895"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vllm-project/vllm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "vLLM denial of service vulnerability"
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.