CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-X76X-V36Q-WQRF
Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-01-28 21:31Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial Context Setup Failure message missing a required MME_UE_S1AP_ID field to repeatedly crash the MME, resulting in denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-37005"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T15:15:10Z",
"severity": "MODERATE"
},
"details": "Open5GS MME versions \u003c= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.",
"id": "GHSA-x76x-v36q-wqrf",
"modified": "2025-01-28T21:31:01Z",
"published": "2025-01-22T15:32:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37005"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X7PQ-2J3F-24RV
Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-02-07 03:32Open5GS MME versions <= 2.6.4 contain a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its MME_UE_S1AP_ID field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-37023"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T15:15:11Z",
"severity": "HIGH"
},
"details": "Open5GS MME versions \u003c= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.",
"id": "GHSA-x7pq-2j3f-24rv",
"modified": "2025-02-07T03:32:01Z",
"published": "2025-01-22T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37023"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X8G3-WJF9-C729
Vulnerability from github – Published: 2022-09-01 00:00 – Updated: 2022-09-07 00:01A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
{
"affected": [],
"aliases": [
"CVE-2022-2520"
],
"database_specific": {
"cwe_ids": [
"CWE-131",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-31T16:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.",
"id": "GHSA-x8g3-wjf9-c729",
"modified": "2022-09-07T00:01:51Z",
"published": "2022-09-01T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2520"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:0095"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:0302"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-2520"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122792"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/424"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5333"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XC8H-HH3V-5WPC
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-11-24 18:31In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl()
The UIC completion interrupt may be disabled while an UIC command is being processed. When the UIC completion interrupt is reenabled, an UIC interrupt is triggered and the WARN_ON_ONCE(!cmd) statement is hit. Hence this patch that removes this kernel warning.
{
"affected": [],
"aliases": [
"CVE-2025-39803"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T13:15:35Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl()\n\nThe UIC completion interrupt may be disabled while an UIC command is\nbeing processed. When the UIC completion interrupt is reenabled, an UIC\ninterrupt is triggered and the WARN_ON_ONCE(!cmd) statement is hit.\nHence this patch that removes this kernel warning.",
"id": "GHSA-xc8h-hh3v-5wpc",
"modified": "2025-11-24T18:31:08Z",
"published": "2025-09-15T15:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39803"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0cc24c139e0f62859dbf88e050ba074cd93988f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5203d89d59bfcbe1f348aa0d2dc4449a8ba644c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XCQM-RR3V-JGG5
Vulnerability from github – Published: 2022-06-20 00:00 – Updated: 2022-06-29 00:00libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.
{
"affected": [],
"aliases": [
"CVE-2022-34000"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-19T20:15:00Z",
"severity": "MODERATE"
},
"details": "libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.",
"id": "GHSA-xcqm-rr3v-jgg5",
"modified": "2022-06-29T00:00:28Z",
"published": "2022-06-20T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34000"
},
{
"type": "WEB",
"url": "https://github.com/libjxl/libjxl/issues/1477"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-36"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XCVQ-77QQ-2WPX
Vulnerability from github – Published: 2024-02-13 15:31 – Updated: 2024-05-03 15:30A flaw in query-handling code can cause named to exit prematurely with an assertion failure when:
nxdomain-redirect <domain>;is configured, and- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
{
"affected": [],
"aliases": [
"CVE-2023-5517"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T14:15:45Z",
"severity": "HIGH"
},
"details": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n - `nxdomain-redirect \u003cdomain\u003e;` is configured, and\n - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"id": "GHSA-xcvq-77qq-2wpx",
"modified": "2024-05-03T15:30:35Z",
"published": "2024-02-13T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5517"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2023-5517"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240503-0006"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XCX8-3X77-X2FH
Vulnerability from github – Published: 2022-01-28 00:01 – Updated: 2022-02-03 00:00There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
{
"affected": [],
"aliases": [
"CVE-2021-46515"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-27T21:15:00Z",
"severity": "MODERATE"
},
"details": "There is an Assertion `mjs_stack_size(\u0026mjs-\u003escopes) \u003e= scopes_len\u0027 failed at src/mjs_exec.c in Cesanta MJS v2.20.0.",
"id": "GHSA-xcx8-3x77-x2fh",
"modified": "2022-02-03T00:00:32Z",
"published": "2022-01-28T00:01:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46515"
},
{
"type": "WEB",
"url": "https://github.com/cesanta/mjs/issues/186"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XCX8-PHHC-XP94
Vulnerability from github – Published: 2022-01-21 00:00 – Updated: 2022-01-27 00:02There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.
{
"affected": [],
"aliases": [
"CVE-2021-46347"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-20T22:15:00Z",
"severity": "MODERATE"
},
"details": "There is an Assertion \u0027ecma_object_check_class_name_is_object (obj_p)\u0027 failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.",
"id": "GHSA-xcx8-phhc-xp94",
"modified": "2022-01-27T00:02:24Z",
"published": "2022-01-21T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46347"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/issues/4938"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XF73-83RW-9RXC
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-02 03:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: exit gracefully if reloc roots don't match
[BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge().
[CAUSE] The root cause of the triggered ASSERT() is we can have a race between quota tree creation and relocation.
This leads us to create a duplicated quota tree in the btrfs_read_fs_root() path, and since it's treated as fs tree, it would have ROOT_SHAREABLE flag, causing us to create a reloc tree for it.
The bug itself is fixed by a dedicated patch for it, but this already taught us the ASSERT() is not something straightforward for developers.
[ENHANCEMENT] Instead of using an ASSERT(), let's handle it gracefully and output extra info about the mismatch reloc roots to help debug.
Also with the above ASSERT() removed, we can trigger ASSERT(0)s inside merge_reloc_roots() later. Also replace those ASSERT(0)s with WARN_ON()s.
{
"affected": [],
"aliases": [
"CVE-2023-53183"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T14:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: exit gracefully if reloc roots don\u0027t match\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\n[CAUSE]\nThe root cause of the triggered ASSERT() is we can have a race between\nquota tree creation and relocation.\n\nThis leads us to create a duplicated quota tree in the\nbtrfs_read_fs_root() path, and since it\u0027s treated as fs tree, it would\nhave ROOT_SHAREABLE flag, causing us to create a reloc tree for it.\n\nThe bug itself is fixed by a dedicated patch for it, but this already\ntaught us the ASSERT() is not something straightforward for\ndevelopers.\n\n[ENHANCEMENT]\nInstead of using an ASSERT(), let\u0027s handle it gracefully and output\nextra info about the mismatch reloc roots to help debug.\n\nAlso with the above ASSERT() removed, we can trigger ASSERT(0)s inside\nmerge_reloc_roots() later.\nAlso replace those ASSERT(0)s with WARN_ON()s.",
"id": "GHSA-xf73-83rw-9rxc",
"modified": "2025-12-02T03:31:35Z",
"published": "2025-09-15T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53183"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05d7ce504545f7874529701664c90814ca645c5d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/69dd147de419b04d1d8d2ca67ef424cddd5b8fd5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9d04716e36654275aea00fb93fc9b30b850925e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a96b6519ac71583835cb46d74bc450de5a13877f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF7R-8X9R-R7XG
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:43There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-13726"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-29T06:29:00Z",
"severity": "MODERATE"
},
"details": "There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.",
"id": "GHSA-xf7r-8x9r-r7xg",
"modified": "2025-04-20T03:43:59Z",
"published": "2022-05-13T01:43:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13726"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3602-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4100"
},
{
"type": "WEB",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2727"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100524"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.