CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
986 vulnerabilities reference this CWE, most recent first.
GHSA-WG72-V28C-7J5H
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
{
"affected": [],
"aliases": [
"CVE-2020-36222"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-26T18:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.",
"id": "GHSA-wg72-v28c-7j5h",
"modified": "2022-05-24T17:40:17Z",
"published": "2022-05-24T17:40:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36222"
},
{
"type": "WEB",
"url": "https://bugs.openldap.org/show_bug.cgi?id=9406"
},
{
"type": "WEB",
"url": "https://bugs.openldap.org/show_bug.cgi?id=9407"
},
{
"type": "WEB",
"url": "https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0"
},
{
"type": "WEB",
"url": "https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed"
},
{
"type": "WEB",
"url": "https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa"
},
{
"type": "WEB",
"url": "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210226-0002"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212529"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212530"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212531"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4845"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/May/64"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/May/65"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/May/70"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WGCP-6P65-QV57
Vulnerability from github – Published: 2022-05-20 00:00 – Updated: 2022-06-02 00:00On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
{
"affected": [],
"aliases": [
"CVE-2022-1183"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-19T10:15:00Z",
"severity": "HIGH"
},
"details": "On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -\u003e 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.",
"id": "GHSA-wgcp-6p65-qv57",
"modified": "2022-06-02T00:00:15Z",
"published": "2022-05-20T00:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1183"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2022-1183"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220707-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WGCX-V4X6-3PP9
Vulnerability from github – Published: 2026-06-01 15:30 – Updated: 2026-06-01 18:31FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.
{
"affected": [],
"aliases": [
"CVE-2026-37220"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T15:16:34Z",
"severity": "HIGH"
},
"details": "FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.",
"id": "GHSA-wgcx-v4x6-3pp9",
"modified": "2026-06-01T18:31:48Z",
"published": "2026-06-01T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37220"
},
{
"type": "WEB",
"url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37220.md"
},
{
"type": "WEB",
"url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WGPJ-6X6J-FH7R
Vulnerability from github – Published: 2022-01-12 00:01 – Updated: 2022-12-15 21:30There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
{
"affected": [],
"aliases": [
"CVE-2021-36409"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-10T23:15:00Z",
"severity": "HIGH"
},
"details": "There is an Assertion `scaling_list_pred_matrix_id_delta==1\u0027 failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.",
"id": "GHSA-wgpj-6x6j-fh7r",
"modified": "2022-12-15T21:30:26Z",
"published": "2022-01-12T00:01:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36409"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libde265/issues/300"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5346"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WHXF-QV83-4936
Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-01-29 00:31Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Handover Cancel message missing a required MME_UE_S1AP_ID field to repeatedly crash the MME, resulting in denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-37007"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T15:15:10Z",
"severity": "MODERATE"
},
"details": "Open5GS MME versions \u003c= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.",
"id": "GHSA-whxf-qv83-4936",
"modified": "2025-01-29T00:31:53Z",
"published": "2025-01-22T15:32:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37007"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WJ4M-W3QM-XPCH
Vulnerability from github – Published: 2026-03-04 15:30 – Updated: 2026-06-02 15:31In the Linux kernel, the following vulnerability has been resolved:
romfs: check sb_set_blocksize() return value
romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if the requested block size is incompatible with the block device's configuration.
This can be triggered by setting a loop device's block size larger than PAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs filesystem on that device.
When sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the device has logical_block_size=32768, bdev_validate_blocksize() fails because the requested size is smaller than the device's logical block size. sb_set_blocksize() returns 0 (failure), but romfs ignores this and continues mounting.
The superblock's block size remains at the device's logical block size (32768). Later, when sb_bread() attempts I/O with this oversized block size, it triggers a kernel BUG in folio_set_bh():
kernel BUG at fs/buffer.c:1582!
BUG_ON(size > PAGE_SIZE);
Fix by checking the return value of sb_set_blocksize() and failing the mount with -EINVAL if it returns 0.
{
"affected": [],
"aliases": [
"CVE-2026-23238"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T15:16:14Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nromfs: check sb_set_blocksize() return value\n\nromfs_fill_super() ignores the return value of sb_set_blocksize(), which\ncan fail if the requested block size is incompatible with the block\ndevice\u0027s configuration.\n\nThis can be triggered by setting a loop device\u0027s block size larger than\nPAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs\nfilesystem on that device.\n\nWhen sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the\ndevice has logical_block_size=32768, bdev_validate_blocksize() fails\nbecause the requested size is smaller than the device\u0027s logical block\nsize. sb_set_blocksize() returns 0 (failure), but romfs ignores this and\ncontinues mounting.\n\nThe superblock\u0027s block size remains at the device\u0027s logical block size\n(32768). Later, when sb_bread() attempts I/O with this oversized block\nsize, it triggers a kernel BUG in folio_set_bh():\n\n kernel BUG at fs/buffer.c:1582!\n BUG_ON(size \u003e PAGE_SIZE);\n\nFix by checking the return value of sb_set_blocksize() and failing the\nmount with -EINVAL if it returns 0.",
"id": "GHSA-wj4m-w3qm-xpch",
"modified": "2026-06-02T15:31:53Z",
"published": "2026-03-04T15:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23238"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c5829cd8fbbc91568c520b666898f57cdcb8cf6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b71ad7676564a94ec5f7d18298f51e8ae53db73"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b203b8ddd7359270e8a694d0584743555128e2c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a381f0f61b35c8894b0bd0d6acef2d8f9b08b244"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab7ad7abb3660c58ffffdf07ff3bb976e7e0afa0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cbd9931e6456822067725354d83446c5bb813030"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2521ab1f63a8c244f06a080319e5ff9a2e1bd95"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WJ8J-VMWR-JQC9
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2024-03-21 03:33** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.”
{
"affected": [],
"aliases": [
"CVE-2018-7713"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-05T23:29:00Z",
"severity": "HIGH"
},
"details": "** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width \u003c= (1\u003c\u003c20)) may be false. Note: \u201cOpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.\u201d",
"id": "GHSA-wj8j-vmwr-jqc9",
"modified": "2024-03-21T03:33:22Z",
"published": "2022-05-13T01:28:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7713"
},
{
"type": "WEB",
"url": "https://github.com/opencv/opencv/issues/10998"
},
{
"type": "WEB",
"url": "https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WJ92-JWCQ-3HPF
Vulnerability from github – Published: 2022-01-21 00:00 – Updated: 2022-01-27 00:02There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0.
{
"affected": [],
"aliases": [
"CVE-2021-46340"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-20T22:15:00Z",
"severity": "MODERATE"
},
"details": "There is an Assertion \u0027context_p-\u003estack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p-\u003estack_top_uint8 == SCAN_STACK_CATCH_STATEMENT\u0027 failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0.",
"id": "GHSA-wj92-jwcq-3hpf",
"modified": "2022-01-27T00:02:29Z",
"published": "2022-01-21T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46340"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/issues/4924"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WM53-7W82-C6X3
Vulnerability from github – Published: 2023-03-16 15:30 – Updated: 2025-02-26 18:30An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.
{
"affected": [],
"aliases": [
"CVE-2023-27789"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.",
"id": "GHSA-wm53-7w82-c6x3",
"modified": "2025-02-26T18:30:36Z",
"published": "2023-03-16T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27789"
},
{
"type": "WEB",
"url": "https://github.com/appneta/tcpreplay/issues/784"
},
{
"type": "WEB",
"url": "https://github.com/appneta/tcpreplay/pull/783"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WMP5-3J44-5X2X
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
{
"affected": [],
"aliases": [
"CVE-2017-3137"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-16T20:29:00Z",
"severity": "HIGH"
},
"details": "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8.",
"id": "GHSA-wmp5-3j44-5x2x",
"modified": "2022-05-13T01:36:48Z",
"published": "2022-05-13T01:36:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3137"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1095"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1105"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1582"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1583"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/aa-01466"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180802-0002"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3854"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97651"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038258"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040195"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.