Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

986 vulnerabilities reference this CWE, most recent first.

GHSA-W62H-8XJM-FV49

Vulnerability from github – Published: 2022-09-16 21:19 – Updated: 2022-09-19 19:38
VLAI
Summary
TensorFlow vulnerable to `CHECK` fail in `DenseBincount`
Details

Impact

DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack.

import tensorflow as tf
binary_output = True
input = tf.random.uniform(shape=[0, 0], minval=-10000, maxval=10000, dtype=tf.int32, seed=-2460)
size = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)
weights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000)
tf.raw_ops.DenseBincount(input=input, size=size, weights=weights, binary_output=binary_output)

Patches

We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43.

The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35987"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-16T21:19:15Z",
    "nvd_published_at": "2022-09-16T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n`DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nbinary_output = True\ninput = tf.random.uniform(shape=[0, 0], minval=-10000, maxval=10000, dtype=tf.int32, seed=-2460)\nsize = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)\nweights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000)\ntf.raw_ops.DenseBincount(input=input, size=size, weights=weights, binary_output=binary_output)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf4c14353c2328636a18bfad1e151052c81d5f43](https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University\n",
  "id": "GHSA-w62h-8xjm-fv49",
  "modified": "2022-09-19T19:38:33Z",
  "published": "2022-09-16T21:19:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35987"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TensorFlow vulnerable to `CHECK` fail in `DenseBincount`"
}

GHSA-W74V-3FR4-63JV

Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted

Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata():

               jbd2_journal_commit_transaction

unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = frozen_buffer jh->b_next_transaction = trans2 jbd2_journal_dirty_metadata is_handle_aborted is_journal_aborted // return false

       --> jbd2 abort <--

                 while (commit_transaction->t_buffers)
                  if (is_journal_aborted)
                   jbd2_journal_refile_buffer
                    __jbd2_journal_refile_buffer
                     WRITE_ONCE(jh->b_transaction,
                    jh->b_next_transaction)
                     WRITE_ONCE(jh->b_next_transaction, NULL)
                     __jbd2_journal_file_buffer(jh, BJ_Reserved)
    J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure !

The reproducer (See detail in [Link]) reports: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1629! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 2 PID: 584 Comm: unlink Tainted: G W 5.19.0-rc6-00115-g4a57a8400075-dirty #697 RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470 RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202 Call Trace: __ext4_handle_dirty_metadata+0xa0/0x290 ext4_handle_dirty_dirblock+0x10c/0x1d0 ext4_delete_entry+0x104/0x200 __ext4_unlink+0x22b/0x360 ext4_unlink+0x275/0x390 vfs_unlink+0x20b/0x4c0 do_unlinkat+0x42f/0x4c0 __x64_sys_unlink+0x37/0x50 do_syscall_64+0x35/0x80

After journal aborting, __jbd2_journal_refile_buffer() is executed with holding @jh->b_state_lock, we can fix it by moving 'is_handle_aborted()' into the area protected by @jh->b_state_lock.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50126"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix assertion \u0027jh-\u003eb_frozen_data == NULL\u0027 failure when journal aborted\n\nFollowing process will fail assertion \u0027jh-\u003eb_frozen_data == NULL\u0027 in\njbd2_journal_dirty_metadata():\n\n                   jbd2_journal_commit_transaction\nunlink(dir/a)\n jh-\u003eb_transaction = trans1\n jh-\u003eb_jlist = BJ_Metadata\n                    journal-\u003ej_running_transaction = NULL\n                    trans1-\u003et_state = T_COMMIT\nunlink(dir/b)\n handle-\u003eh_trans = trans2\n do_get_write_access\n  jh-\u003eb_modified = 0\n  jh-\u003eb_frozen_data = frozen_buffer\n  jh-\u003eb_next_transaction = trans2\n jbd2_journal_dirty_metadata\n  is_handle_aborted\n   is_journal_aborted // return false\n\n           --\u003e jbd2 abort \u003c--\n\n                     while (commit_transaction-\u003et_buffers)\n                      if (is_journal_aborted)\n                       jbd2_journal_refile_buffer\n                        __jbd2_journal_refile_buffer\n                         WRITE_ONCE(jh-\u003eb_transaction,\n\t\t\t\t\t\tjh-\u003eb_next_transaction)\n                         WRITE_ONCE(jh-\u003eb_next_transaction, NULL)\n                         __jbd2_journal_file_buffer(jh, BJ_Reserved)\n        J_ASSERT_JH(jh, jh-\u003eb_frozen_data == NULL) // assertion failure !\n\nThe reproducer (See detail in [Link]) reports:\n ------------[ cut here ]------------\n kernel BUG at fs/jbd2/transaction.c:1629!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 2 PID: 584 Comm: unlink Tainted: G        W\n 5.19.0-rc6-00115-g4a57a8400075-dirty #697\n RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470\n RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202\n Call Trace:\n  \u003cTASK\u003e\n  __ext4_handle_dirty_metadata+0xa0/0x290\n  ext4_handle_dirty_dirblock+0x10c/0x1d0\n  ext4_delete_entry+0x104/0x200\n  __ext4_unlink+0x22b/0x360\n  ext4_unlink+0x275/0x390\n  vfs_unlink+0x20b/0x4c0\n  do_unlinkat+0x42f/0x4c0\n  __x64_sys_unlink+0x37/0x50\n  do_syscall_64+0x35/0x80\n\nAfter journal aborting, __jbd2_journal_refile_buffer() is executed with\nholding @jh-\u003eb_state_lock, we can fix it by moving \u0027is_handle_aborted()\u0027\ninto the area protected by @jh-\u003eb_state_lock.",
  "id": "GHSA-w74v-3fr4-63jv",
  "modified": "2025-11-18T18:32:45Z",
  "published": "2025-06-18T12:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50126"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f61c6dc4b714be9d79cf0782ca02ba01c1b7ac3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a734f0869f970b8a9b65062ea40b09a5da9dba8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6073389db83b903678a0920554fa19f5bdc51c48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/731c1662d838fe954c6759e3ee43229b0d928fe4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ddd896792e1718cb84c96f3e618270589b6886dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e62f79827784f56499a50ea2e893c98317b5407b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f7161d0da975adc234161cd0641d0e484f5ce375"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa5b65d39332fef7a11ae99cb1f0696012a61527"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7M3-X4XV-2QPW

Vulnerability from github – Published: 2025-07-22 18:30 – Updated: 2025-11-03 21:34
VLAI
Details

A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-22T16:15:27Z",
    "severity": "HIGH"
  },
  "details": "A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.",
  "id": "GHSA-w7m3-x4xv-2qpw",
  "modified": "2025-11-03T21:34:10Z",
  "published": "2025-07-22T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36512"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2200"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W8CP-6X5G-MF2J

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-10-22 12:00
VLAI
Details

Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1681"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.",
  "id": "GHSA-w8cp-6x5g-mf2j",
  "modified": "2022-10-22T12:00:29Z",
  "published": "2022-05-24T17:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1681"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11078"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W9MJ-34HR-82RJ

Vulnerability from github – Published: 2024-04-03 15:30 – Updated: 2025-03-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not ASSERT() if the newly created subvolume already got read

[BUG] There is a syzbot crash, triggered by the ASSERT() during subvolume creation:

assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319 ------------[ cut here ]------------ kernel BUG at fs/btrfs/disk-io.c:1319! invalid opcode: 0000 [#1] PREEMPT SMP KASAN RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60 btrfs_get_new_fs_root+0xd3/0xf0 create_subvol+0xd02/0x1650 btrfs_mksubvol+0xe95/0x12b0 __btrfs_ioctl_snap_create+0x2f9/0x4f0 btrfs_ioctl_snap_create+0x16b/0x200 btrfs_ioctl+0x35f0/0x5cf0 __x64_sys_ioctl+0x19d/0x210 do_syscall_64+0x3f/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b ---[ end trace 0000000000000000 ]---

[CAUSE] During create_subvol(), after inserting root item for the newly created subvolume, we would trigger btrfs_get_new_fs_root() to get the btrfs_root of that subvolume.

The idea here is, we have preallocated an anonymous device number for the subvolume, thus we can assign it to the new subvolume.

But there is really nothing preventing things like backref walk to read the new subvolume. If that happens before we call btrfs_get_new_fs_root(), the subvolume would be read out, with a new anonymous device number assigned already.

In that case, we would trigger ASSERT(), as we really expect no one to read out that subvolume (which is not yet accessible from the fs). But things like backref walk is still possible to trigger the read on the subvolume.

Thus our assumption on the ASSERT() is not correct in the first place.

[FIX] Fix it by removing the ASSERT(), and just free the @anon_dev, reset it to 0, and continue.

If the subvolume tree is read out by something else, it should have already get a new anon_dev assigned thus we only need to free the preallocated one.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26727"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T15:15:54Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not ASSERT() if the newly created subvolume already got read\n\n[BUG]\nThere is a syzbot crash, triggered by the ASSERT() during subvolume\ncreation:\n\n assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/disk-io.c:1319!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60\n  \u003cTASK\u003e\n  btrfs_get_new_fs_root+0xd3/0xf0\n  create_subvol+0xd02/0x1650\n  btrfs_mksubvol+0xe95/0x12b0\n  __btrfs_ioctl_snap_create+0x2f9/0x4f0\n  btrfs_ioctl_snap_create+0x16b/0x200\n  btrfs_ioctl+0x35f0/0x5cf0\n  __x64_sys_ioctl+0x19d/0x210\n  do_syscall_64+0x3f/0xe0\n  entry_SYSCALL_64_after_hwframe+0x63/0x6b\n ---[ end trace 0000000000000000 ]---\n\n[CAUSE]\nDuring create_subvol(), after inserting root item for the newly created\nsubvolume, we would trigger btrfs_get_new_fs_root() to get the\nbtrfs_root of that subvolume.\n\nThe idea here is, we have preallocated an anonymous device number for\nthe subvolume, thus we can assign it to the new subvolume.\n\nBut there is really nothing preventing things like backref walk to read\nthe new subvolume.\nIf that happens before we call btrfs_get_new_fs_root(), the subvolume\nwould be read out, with a new anonymous device number assigned already.\n\nIn that case, we would trigger ASSERT(), as we really expect no one to\nread out that subvolume (which is not yet accessible from the fs).\nBut things like backref walk is still possible to trigger the read on\nthe subvolume.\n\nThus our assumption on the ASSERT() is not correct in the first place.\n\n[FIX]\nFix it by removing the ASSERT(), and just free the @anon_dev, reset it\nto 0, and continue.\n\nIf the subvolume tree is read out by something else, it should have\nalready get a new anon_dev assigned thus we only need to free the\npreallocated one.",
  "id": "GHSA-w9mj-34hr-82rj",
  "modified": "2025-03-17T18:31:39Z",
  "published": "2024-04-03T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26727"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3f5d47eb163bceb1b9e613c9003bae5fefc0046f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a172344bfdabb46458e03708735d7b1a918c468"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66b317a2fc45b2ef66527ee3f8fa08fb5beab88d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/833775656d447c545133a744a0ed1e189ce61430"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e31546b0f34af21738c4ceac47d662c00ee6382f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W9WX-4FJG-83VQ

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-18T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.",
  "id": "GHSA-w9wx-4fjg-83vq",
  "modified": "2022-05-24T19:11:30Z",
  "published": "2022-05-24T19:11:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39283"
    },
    {
      "type": "WEB",
      "url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
    },
    {
      "type": "WEB",
      "url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WC3J-P7CF-6PRX

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-07T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
  "id": "GHSA-wc3j-p7cf-6prx",
  "modified": "2022-05-24T19:01:48Z",
  "published": "2022-05-24T19:01:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1925"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WC6G-G56R-JP2F

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-10-27 19:00
VLAI
Details

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-18T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.",
  "id": "GHSA-wc6g-g56r-jp2f",
  "modified": "2022-10-27T19:00:41Z",
  "published": "2022-05-24T19:02:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3531"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955326"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPCJN2YDZCBMF4FOJXSTAADKFGEQEO7O"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZRUNDH2TJRZRWL3DCH2PQ6KROWTPQ7AJ"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/05/14/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/05/17/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WCGQ-QMMC-WW44

Vulnerability from github – Published: 2023-03-16 15:30 – Updated: 2025-02-26 21:30
VLAI
Details

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27783"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-16T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.",
  "id": "GHSA-wcgq-qmmc-ww44",
  "modified": "2025-02-26T21:30:25Z",
  "published": "2023-03-16T15:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27783"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appneta/tcpreplay/issues/780"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appneta/tcpreplay/pull/781"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WFGC-2F4P-CM5V

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08
VLAI
Details

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-21T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.",
  "id": "GHSA-wfgc-2f4p-cm5v",
  "modified": "2022-05-24T19:08:50Z",
  "published": "2022-05-24T19:08:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20262"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2021/May/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.