CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
986 vulnerabilities reference this CWE, most recent first.
GHSA-W62H-8XJM-FV49
Vulnerability from github – Published: 2022-09-16 21:19 – Updated: 2022-09-19 19:38Impact
DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
binary_output = True
input = tf.random.uniform(shape=[0, 0], minval=-10000, maxval=10000, dtype=tf.int32, seed=-2460)
size = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)
weights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000)
tf.raw_ops.DenseBincount(input=input, size=size, weights=weights, binary_output=binary_output)
Patches
We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35987"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T21:19:15Z",
"nvd_published_at": "2022-09-16T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n`DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nbinary_output = True\ninput = tf.random.uniform(shape=[0, 0], minval=-10000, maxval=10000, dtype=tf.int32, seed=-2460)\nsize = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.int32, seed=-10000)\nweights = tf.random.uniform(shape=[], minval=-10000, maxval=10000, dtype=tf.float32, seed=-10000)\ntf.raw_ops.DenseBincount(input=input, size=size, weights=weights, binary_output=binary_output)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [bf4c14353c2328636a18bfad1e151052c81d5f43](https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Di Jin, Secure Systems Labs, Brown University\n",
"id": "GHSA-w62h-8xjm-fv49",
"modified": "2022-09-19T19:38:33Z",
"published": "2022-09-16T21:19:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35987"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/bf4c14353c2328636a18bfad1e151052c81d5f43"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to `CHECK` fail in `DenseBincount`"
}
GHSA-W74V-3FR4-63JV
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-18 18:32In the Linux kernel, the following vulnerability has been resolved:
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata():
jbd2_journal_commit_transaction
unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = frozen_buffer jh->b_next_transaction = trans2 jbd2_journal_dirty_metadata is_handle_aborted is_journal_aborted // return false
--> jbd2 abort <--
while (commit_transaction->t_buffers)
if (is_journal_aborted)
jbd2_journal_refile_buffer
__jbd2_journal_refile_buffer
WRITE_ONCE(jh->b_transaction,
jh->b_next_transaction)
WRITE_ONCE(jh->b_next_transaction, NULL)
__jbd2_journal_file_buffer(jh, BJ_Reserved)
J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure !
The reproducer (See detail in [Link]) reports: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1629! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 2 PID: 584 Comm: unlink Tainted: G W 5.19.0-rc6-00115-g4a57a8400075-dirty #697 RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470 RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202 Call Trace: __ext4_handle_dirty_metadata+0xa0/0x290 ext4_handle_dirty_dirblock+0x10c/0x1d0 ext4_delete_entry+0x104/0x200 __ext4_unlink+0x22b/0x360 ext4_unlink+0x275/0x390 vfs_unlink+0x20b/0x4c0 do_unlinkat+0x42f/0x4c0 __x64_sys_unlink+0x37/0x50 do_syscall_64+0x35/0x80
After journal aborting, __jbd2_journal_refile_buffer() is executed with holding @jh->b_state_lock, we can fix it by moving 'is_handle_aborted()' into the area protected by @jh->b_state_lock.
{
"affected": [],
"aliases": [
"CVE-2022-50126"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:42Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix assertion \u0027jh-\u003eb_frozen_data == NULL\u0027 failure when journal aborted\n\nFollowing process will fail assertion \u0027jh-\u003eb_frozen_data == NULL\u0027 in\njbd2_journal_dirty_metadata():\n\n jbd2_journal_commit_transaction\nunlink(dir/a)\n jh-\u003eb_transaction = trans1\n jh-\u003eb_jlist = BJ_Metadata\n journal-\u003ej_running_transaction = NULL\n trans1-\u003et_state = T_COMMIT\nunlink(dir/b)\n handle-\u003eh_trans = trans2\n do_get_write_access\n jh-\u003eb_modified = 0\n jh-\u003eb_frozen_data = frozen_buffer\n jh-\u003eb_next_transaction = trans2\n jbd2_journal_dirty_metadata\n is_handle_aborted\n is_journal_aborted // return false\n\n --\u003e jbd2 abort \u003c--\n\n while (commit_transaction-\u003et_buffers)\n if (is_journal_aborted)\n jbd2_journal_refile_buffer\n __jbd2_journal_refile_buffer\n WRITE_ONCE(jh-\u003eb_transaction,\n\t\t\t\t\t\tjh-\u003eb_next_transaction)\n WRITE_ONCE(jh-\u003eb_next_transaction, NULL)\n __jbd2_journal_file_buffer(jh, BJ_Reserved)\n J_ASSERT_JH(jh, jh-\u003eb_frozen_data == NULL) // assertion failure !\n\nThe reproducer (See detail in [Link]) reports:\n ------------[ cut here ]------------\n kernel BUG at fs/jbd2/transaction.c:1629!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 2 PID: 584 Comm: unlink Tainted: G W\n 5.19.0-rc6-00115-g4a57a8400075-dirty #697\n RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470\n RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202\n Call Trace:\n \u003cTASK\u003e\n __ext4_handle_dirty_metadata+0xa0/0x290\n ext4_handle_dirty_dirblock+0x10c/0x1d0\n ext4_delete_entry+0x104/0x200\n __ext4_unlink+0x22b/0x360\n ext4_unlink+0x275/0x390\n vfs_unlink+0x20b/0x4c0\n do_unlinkat+0x42f/0x4c0\n __x64_sys_unlink+0x37/0x50\n do_syscall_64+0x35/0x80\n\nAfter journal aborting, __jbd2_journal_refile_buffer() is executed with\nholding @jh-\u003eb_state_lock, we can fix it by moving \u0027is_handle_aborted()\u0027\ninto the area protected by @jh-\u003eb_state_lock.",
"id": "GHSA-w74v-3fr4-63jv",
"modified": "2025-11-18T18:32:45Z",
"published": "2025-06-18T12:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50126"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0f61c6dc4b714be9d79cf0782ca02ba01c1b7ac3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a734f0869f970b8a9b65062ea40b09a5da9dba8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6073389db83b903678a0920554fa19f5bdc51c48"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/731c1662d838fe954c6759e3ee43229b0d928fe4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ddd896792e1718cb84c96f3e618270589b6886dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e62f79827784f56499a50ea2e893c98317b5407b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7161d0da975adc234161cd0641d0e484f5ce375"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fa5b65d39332fef7a11ae99cb1f0696012a61527"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W7M3-X4XV-2QPW
Vulnerability from github – Published: 2025-07-22 18:30 – Updated: 2025-11-03 21:34A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-36512"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-22T16:15:27Z",
"severity": "HIGH"
},
"details": "A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.",
"id": "GHSA-w7m3-x4xv-2qpw",
"modified": "2025-11-03T21:34:10Z",
"published": "2025-07-22T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36512"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2200"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W8CP-6X5G-MF2J
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-10-22 12:00Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-1681"
],
"database_specific": {
"cwe_ids": [
"CWE-617",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-16T21:15:00Z",
"severity": "MODERATE"
},
"details": "Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.",
"id": "GHSA-w8cp-6x5g-mf2j",
"modified": "2022-10-22T12:00:29Z",
"published": "2022-05-24T17:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1681"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11078"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W9MJ-34HR-82RJ
Vulnerability from github – Published: 2024-04-03 15:30 – Updated: 2025-03-17 18:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not ASSERT() if the newly created subvolume already got read
[BUG] There is a syzbot crash, triggered by the ASSERT() during subvolume creation:
assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319 ------------[ cut here ]------------ kernel BUG at fs/btrfs/disk-io.c:1319! invalid opcode: 0000 [#1] PREEMPT SMP KASAN RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60 btrfs_get_new_fs_root+0xd3/0xf0 create_subvol+0xd02/0x1650 btrfs_mksubvol+0xe95/0x12b0 __btrfs_ioctl_snap_create+0x2f9/0x4f0 btrfs_ioctl_snap_create+0x16b/0x200 btrfs_ioctl+0x35f0/0x5cf0 __x64_sys_ioctl+0x19d/0x210 do_syscall_64+0x3f/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b ---[ end trace 0000000000000000 ]---
[CAUSE] During create_subvol(), after inserting root item for the newly created subvolume, we would trigger btrfs_get_new_fs_root() to get the btrfs_root of that subvolume.
The idea here is, we have preallocated an anonymous device number for the subvolume, thus we can assign it to the new subvolume.
But there is really nothing preventing things like backref walk to read the new subvolume. If that happens before we call btrfs_get_new_fs_root(), the subvolume would be read out, with a new anonymous device number assigned already.
In that case, we would trigger ASSERT(), as we really expect no one to read out that subvolume (which is not yet accessible from the fs). But things like backref walk is still possible to trigger the read on the subvolume.
Thus our assumption on the ASSERT() is not correct in the first place.
[FIX] Fix it by removing the ASSERT(), and just free the @anon_dev, reset it to 0, and continue.
If the subvolume tree is read out by something else, it should have already get a new anon_dev assigned thus we only need to free the preallocated one.
{
"affected": [],
"aliases": [
"CVE-2024-26727"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T15:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not ASSERT() if the newly created subvolume already got read\n\n[BUG]\nThere is a syzbot crash, triggered by the ASSERT() during subvolume\ncreation:\n\n assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/disk-io.c:1319!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60\n \u003cTASK\u003e\n btrfs_get_new_fs_root+0xd3/0xf0\n create_subvol+0xd02/0x1650\n btrfs_mksubvol+0xe95/0x12b0\n __btrfs_ioctl_snap_create+0x2f9/0x4f0\n btrfs_ioctl_snap_create+0x16b/0x200\n btrfs_ioctl+0x35f0/0x5cf0\n __x64_sys_ioctl+0x19d/0x210\n do_syscall_64+0x3f/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n ---[ end trace 0000000000000000 ]---\n\n[CAUSE]\nDuring create_subvol(), after inserting root item for the newly created\nsubvolume, we would trigger btrfs_get_new_fs_root() to get the\nbtrfs_root of that subvolume.\n\nThe idea here is, we have preallocated an anonymous device number for\nthe subvolume, thus we can assign it to the new subvolume.\n\nBut there is really nothing preventing things like backref walk to read\nthe new subvolume.\nIf that happens before we call btrfs_get_new_fs_root(), the subvolume\nwould be read out, with a new anonymous device number assigned already.\n\nIn that case, we would trigger ASSERT(), as we really expect no one to\nread out that subvolume (which is not yet accessible from the fs).\nBut things like backref walk is still possible to trigger the read on\nthe subvolume.\n\nThus our assumption on the ASSERT() is not correct in the first place.\n\n[FIX]\nFix it by removing the ASSERT(), and just free the @anon_dev, reset it\nto 0, and continue.\n\nIf the subvolume tree is read out by something else, it should have\nalready get a new anon_dev assigned thus we only need to free the\npreallocated one.",
"id": "GHSA-w9mj-34hr-82rj",
"modified": "2025-03-17T18:31:39Z",
"published": "2024-04-03T15:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26727"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3f5d47eb163bceb1b9e613c9003bae5fefc0046f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a172344bfdabb46458e03708735d7b1a918c468"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66b317a2fc45b2ef66527ee3f8fa08fb5beab88d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/833775656d447c545133a744a0ed1e189ce61430"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e31546b0f34af21738c4ceac47d662c00ee6382f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W9WX-4FJG-83VQ
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
{
"affected": [],
"aliases": [
"CVE-2021-39283"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-18T17:15:00Z",
"severity": "MODERATE"
},
"details": "liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.",
"id": "GHSA-w9wx-4fjg-83vq",
"modified": "2022-05-24T19:11:30Z",
"published": "2022-05-24T19:11:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39283"
},
{
"type": "WEB",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
},
{
"type": "WEB",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WC3J-P7CF-6PRX
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
{
"affected": [],
"aliases": [
"CVE-2021-1925"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-07T09:15:00Z",
"severity": "HIGH"
},
"details": "Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
"id": "GHSA-wc3j-p7cf-6prx",
"modified": "2022-05-24T19:01:48Z",
"published": "2022-05-24T19:01:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1925"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WC6G-G56R-JP2F
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-10-27 19:00A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
{
"affected": [],
"aliases": [
"CVE-2021-3531"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-18T12:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.",
"id": "GHSA-wc6g-g56r-jp2f",
"modified": "2022-10-27T19:00:41Z",
"published": "2022-05-24T19:02:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3531"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955326"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPCJN2YDZCBMF4FOJXSTAADKFGEQEO7O"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZRUNDH2TJRZRWL3DCH2PQ6KROWTPQ7AJ"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/05/14/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/05/17/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WCGQ-QMMC-WW44
Vulnerability from github – Published: 2023-03-16 15:30 – Updated: 2025-02-26 21:30An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.
{
"affected": [],
"aliases": [
"CVE-2023-27783"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.",
"id": "GHSA-wcgq-qmmc-ww44",
"modified": "2025-02-26T21:30:25Z",
"published": "2023-03-16T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27783"
},
{
"type": "WEB",
"url": "https://github.com/appneta/tcpreplay/issues/780"
},
{
"type": "WEB",
"url": "https://github.com/appneta/tcpreplay/pull/781"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WFGC-2F4P-CM5V
Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
{
"affected": [],
"aliases": [
"CVE-2020-20262"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-21T15:15:00Z",
"severity": "MODERATE"
},
"details": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.",
"id": "GHSA-wfgc-2f4p-cm5v",
"modified": "2022-05-24T19:08:50Z",
"published": "2022-05-24T19:08:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20262"
},
{
"type": "WEB",
"url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2021/May/2"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.