Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

989 vulnerabilities reference this CWE, most recent first.

GHSA-X76X-V36Q-WQRF

Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-01-28 21:31
VLAI
Details

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial Context Setup Failure message missing a required MME_UE_S1AP_ID field to repeatedly crash the MME, resulting in denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-22T15:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Open5GS MME versions \u003c= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial Context Setup Failure` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.",
  "id": "GHSA-x76x-v36q-wqrf",
  "modified": "2025-01-28T21:31:01Z",
  "published": "2025-01-22T15:32:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37005"
    },
    {
      "type": "WEB",
      "url": "https://cellularsecurity.org/ransacked"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X7PQ-2J3F-24RV

Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-02-07 03:32
VLAI
Details

Open5GS MME versions <= 2.6.4 contain a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its MME_UE_S1AP_ID field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-22T15:15:11Z",
    "severity": "HIGH"
  },
  "details": "Open5GS MME versions \u003c= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service.",
  "id": "GHSA-x7pq-2j3f-24rv",
  "modified": "2025-02-07T03:32:01Z",
  "published": "2025-01-22T15:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37023"
    },
    {
      "type": "WEB",
      "url": "https://cellularsecurity.org/ransacked"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8G3-WJF9-C729

Vulnerability from github – Published: 2022-09-01 00:00 – Updated: 2022-09-07 00:01
VLAI
Details

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-131",
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-31T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.",
  "id": "GHSA-x8g3-wjf9-c729",
  "modified": "2022-09-07T00:01:51Z",
  "published": "2022-09-01T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2520"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:0095"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:0302"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2520"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122792"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/issues/424"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XC8H-HH3V-5WPC

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-11-24 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl()

The UIC completion interrupt may be disabled while an UIC command is being processed. When the UIC completion interrupt is reenabled, an UIC interrupt is triggered and the WARN_ON_ONCE(!cmd) statement is hit. Hence this patch that removes this kernel warning.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T13:15:35Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl()\n\nThe UIC completion interrupt may be disabled while an UIC command is\nbeing processed. When the UIC completion interrupt is reenabled, an UIC\ninterrupt is triggered and the WARN_ON_ONCE(!cmd) statement is hit.\nHence this patch that removes this kernel warning.",
  "id": "GHSA-xc8h-hh3v-5wpc",
  "modified": "2025-11-24T18:31:08Z",
  "published": "2025-09-15T15:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39803"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0cc24c139e0f62859dbf88e050ba074cd93988f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e5203d89d59bfcbe1f348aa0d2dc4449a8ba644c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCQM-RR3V-JGG5

Vulnerability from github – Published: 2022-06-20 00:00 – Updated: 2022-06-29 00:00
VLAI
Details

libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34000"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-19T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.",
  "id": "GHSA-xcqm-rr3v-jgg5",
  "modified": "2022-06-29T00:00:28Z",
  "published": "2022-06-20T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34000"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libjxl/libjxl/issues/1477"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-36"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCVQ-77QQ-2WPX

Vulnerability from github – Published: 2024-02-13 15:31 – Updated: 2024-05-03 15:30
VLAI
Details

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when:

  • nxdomain-redirect <domain>; is configured, and
  • the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5517"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-13T14:15:45Z",
    "severity": "HIGH"
  },
  "details": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n  - `nxdomain-redirect \u003cdomain\u003e;` is configured, and\n  - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
  "id": "GHSA-xcvq-77qq-2wpx",
  "modified": "2024-05-03T15:30:35Z",
  "published": "2024-02-13T15:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5517"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/docs/cve-2023-5517"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240503-0006"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCX8-3X77-X2FH

Vulnerability from github – Published: 2022-01-28 00:01 – Updated: 2022-02-03 00:00
VLAI
Details

There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-27T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an Assertion `mjs_stack_size(\u0026mjs-\u003escopes) \u003e= scopes_len\u0027 failed at src/mjs_exec.c in Cesanta MJS v2.20.0.",
  "id": "GHSA-xcx8-3x77-x2fh",
  "modified": "2022-02-03T00:00:32Z",
  "published": "2022-01-28T00:01:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46515"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cesanta/mjs/issues/186"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XCX8-PHHC-XP94

Vulnerability from github – Published: 2022-01-21 00:00 – Updated: 2022-01-27 00:02
VLAI
Details

There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-20T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an Assertion \u0027ecma_object_check_class_name_is_object (obj_p)\u0027 failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.",
  "id": "GHSA-xcx8-phhc-xp94",
  "modified": "2022-01-27T00:02:24Z",
  "published": "2022-01-21T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46347"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jerryscript-project/jerryscript/issues/4938"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XF73-83RW-9RXC

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-02 03:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: exit gracefully if reloc roots don't match

[BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge().

[CAUSE] The root cause of the triggered ASSERT() is we can have a race between quota tree creation and relocation.

This leads us to create a duplicated quota tree in the btrfs_read_fs_root() path, and since it's treated as fs tree, it would have ROOT_SHAREABLE flag, causing us to create a reloc tree for it.

The bug itself is fixed by a dedicated patch for it, but this already taught us the ASSERT() is not something straightforward for developers.

[ENHANCEMENT] Instead of using an ASSERT(), let's handle it gracefully and output extra info about the mismatch reloc roots to help debug.

Also with the above ASSERT() removed, we can trigger ASSERT(0)s inside merge_reloc_roots() later. Also replace those ASSERT(0)s with WARN_ON()s.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:40Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: exit gracefully if reloc roots don\u0027t match\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\n[CAUSE]\nThe root cause of the triggered ASSERT() is we can have a race between\nquota tree creation and relocation.\n\nThis leads us to create a duplicated quota tree in the\nbtrfs_read_fs_root() path, and since it\u0027s treated as fs tree, it would\nhave ROOT_SHAREABLE flag, causing us to create a reloc tree for it.\n\nThe bug itself is fixed by a dedicated patch for it, but this already\ntaught us the ASSERT() is not something straightforward for\ndevelopers.\n\n[ENHANCEMENT]\nInstead of using an ASSERT(), let\u0027s handle it gracefully and output\nextra info about the mismatch reloc roots to help debug.\n\nAlso with the above ASSERT() removed, we can trigger ASSERT(0)s inside\nmerge_reloc_roots() later.\nAlso replace those ASSERT(0)s with WARN_ON()s.",
  "id": "GHSA-xf73-83rw-9rxc",
  "modified": "2025-12-02T03:31:35Z",
  "published": "2025-09-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53183"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05d7ce504545f7874529701664c90814ca645c5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69dd147de419b04d1d8d2ca67ef424cddd5b8fd5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d04716e36654275aea00fb93fc9b30b850925e7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a96b6519ac71583835cb46d74bc450de5a13877f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XF7R-8X9R-R7XG

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:43
VLAI
Details

There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-29T06:29:00Z",
    "severity": "MODERATE"
  },
  "details": "There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.",
  "id": "GHSA-xf7r-8x9r-r7xg",
  "modified": "2025-04-20T03:43:59Z",
  "published": "2022-05-13T01:43:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13726"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3602-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4100"
    },
    {
      "type": "WEB",
      "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2727"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100524"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.