CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-2726-MPRM-WGQ9
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-1955"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T06:15:00Z",
"severity": "HIGH"
},
"details": "Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-2726-mprm-wgq9",
"modified": "2022-05-24T19:07:45Z",
"published": "2022-05-24T19:07:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1955"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-274H-C788-HF3C
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
{
"affected": [],
"aliases": [
"CVE-2021-27212"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-14T03:15:00Z",
"severity": "HIGH"
},
"details": "In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.",
"id": "GHSA-274h-c788-hf3c",
"modified": "2022-05-24T17:42:08Z",
"published": "2022-05-24T17:42:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27212"
},
{
"type": "WEB",
"url": "https://bugs.openldap.org/show_bug.cgi?id=9454"
},
{
"type": "WEB",
"url": "https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0"
},
{
"type": "WEB",
"url": "https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00035.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210319-0005"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4860"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-274M-PQM8-J3HC
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 21:31In the Linux kernel, the following vulnerability has been resolved:
ice: ptp: don't WARN when controlling PF is unavailable
In VFIO passthrough setups, it is possible to pass through only a PF which doesn't own the source timer. In that case the PTP controlling PF (adapter->ctrl_pf) is never initialized in the VM, so ice_get_ctrl_ptp() returns NULL and triggers WARN_ON() in ice_ptp_setup_pf().
Since this is an expected behavior in that configuration, replace WARN_ON() with an informational message and return -EOPNOTSUPP.
{
"affected": [],
"aliases": [
"CVE-2026-43346"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T14:16:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: ptp: don\u0027t WARN when controlling PF is unavailable\n\nIn VFIO passthrough setups, it is possible to pass through only a PF\nwhich doesn\u0027t own the source timer. In that case the PTP controlling PF\n(adapter-\u003ectrl_pf) is never initialized in the VM, so ice_get_ctrl_ptp()\nreturns NULL and triggers WARN_ON() in ice_ptp_setup_pf().\n\nSince this is an expected behavior in that configuration, replace\nWARN_ON() with an informational message and return -EOPNOTSUPP.",
"id": "GHSA-274m-pqm8-j3hc",
"modified": "2026-05-15T21:31:31Z",
"published": "2026-05-08T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43346"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb3f21edc7056cdf44a7f7bd7ba65af40741838c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c73f365707d3b1b78b7d16e1f029020d1ae50d0f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e19675b384e9dcaca1bd5e4a67b8ad136eccfbe8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-276X-WF53-35PW
Vulnerability from github – Published: 2025-05-05 03:30 – Updated: 2025-05-06 15:31In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.
{
"affected": [],
"aliases": [
"CVE-2025-20666"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-05T03:15:21Z",
"severity": "HIGH"
},
"details": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.",
"id": "GHSA-276x-wf53-35pw",
"modified": "2025-05-06T15:31:02Z",
"published": "2025-05-05T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20666"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/May-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-27J5-4P9V-PP67
Vulnerability from github – Published: 2021-08-25 14:43 – Updated: 2024-11-13 16:13Impact
Providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements:
import tensorflow as tf
tf.raw_ops.TensorListReserve(
element_shape = tf.constant([1]),
num_elements=tf.constant([-1]),
element_dtype = tf.int32)
The implementation calls std::vector.resize() with the new size controlled by input given by the user, without checking that this input is valid.
Patches
We have patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37644"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-23T19:16:53Z",
"nvd_published_at": "2021-08-12T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nProviding a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negative number of elements:\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.TensorListReserve(\n element_shape = tf.constant([1]),\n num_elements=tf.constant([-1]),\n element_dtype = tf.int32)\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlled by input given by the user, without checking that this input is valid.\n\n### Patches\nWe have patched the issue in GitHub commit [8a6e874437670045e6c7dc6154c7412b4a2135e2](https://github.com/tensorflow/tensorflow/commit/8a6e874437670045e6c7dc6154c7412b4a2135e2).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information \nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-27j5-4p9v-pp67",
"modified": "2024-11-13T16:13:05Z",
"published": "2021-08-25T14:43:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27j5-4p9v-pp67"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37644"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/8a6e874437670045e6c7dc6154c7412b4a2135e2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-557.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-755.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-266.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "`std::abort` raised from `TensorListReserve`"
}
GHSA-27RC-728F-X5W2
Vulnerability from github – Published: 2022-11-21 21:54 – Updated: 2022-11-21 21:54Impact
Inputs dense_features or example_state_data not of rank 2 will trigger a CHECK fail in SdcaOptimizer.
import tensorflow as tf
tf.raw_ops.SdcaOptimizer(
sparse_example_indices=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.int64, maxval=100)],
sparse_feature_indices=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.int64, maxval=100)],
sparse_feature_values=8 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],
dense_features=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],
example_weights=tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100),
example_labels=tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100),
sparse_indices=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.int64, maxval=100)],
sparse_weights=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],
dense_weights=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],
example_state_data=tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100),
loss_type="squared_loss",
l1=0.0,
l2=0.0,
num_loss_partitions=1,
num_inner_iterations=1,
adaptative=False,)
Patches
We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa.
The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Zizhuang Deng of IIE, UCAS
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41899"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-21T21:54:26Z",
"nvd_published_at": "2022-11-18T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nInputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in [`SdcaOptimizer`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc).\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.SdcaOptimizer(\n sparse_example_indices=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.int64, maxval=100)],\n sparse_feature_indices=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.int64, maxval=100)],\n sparse_feature_values=8 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],\n dense_features=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],\n example_weights=tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100),\n example_labels=tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100),\n sparse_indices=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.int64, maxval=100)],\n sparse_weights=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],\n dense_weights=4 * [tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100)],\n example_state_data=tf.random.uniform([5,5,5,3], dtype=tf.dtypes.float32, maxval=100),\n loss_type=\"squared_loss\",\n l1=0.0,\n l2=0.0,\n num_loss_partitions=1,\n num_inner_iterations=1,\n adaptative=False,)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [80ff197d03db2a70c6a111f97dcdacad1b0babfa](https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa).\n\nThe fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Zizhuang Deng of IIE, UCAS\n",
"id": "GHSA-27rc-728f-x5w2",
"modified": "2022-11-21T21:54:26Z",
"published": "2022-11-21T21:54:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41899"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1b0babfa"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sdca_internal.cc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "`CHECK` fail via inputs in `SdcaOptimizer`"
}
GHSA-27VR-24CC-98H4
Vulnerability from github – Published: 2024-04-26 15:30 – Updated: 2024-08-01 15:31Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list.
{
"affected": [],
"aliases": [
"CVE-2024-33255"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-26T15:15:49Z",
"severity": "MODERATE"
},
"details": "Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list.",
"id": "GHSA-27vr-24cc-98h4",
"modified": "2024-08-01T15:31:42Z",
"published": "2024-04-26T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33255"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/issues/5135"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2843-F6R8-WH6V
Vulnerability from github – Published: 2025-06-23 03:30 – Updated: 2025-06-23 03:30A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-6497"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-23T01:15:22Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-2843-f6r8-wh6v",
"modified": "2025-06-23T03:30:30Z",
"published": "2025-06-23T03:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6497"
},
{
"type": "WEB",
"url": "https://github.com/htacg/tidy-html5/issues/1142"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/19825297/tidy-html5_crash_2.txt"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.313613"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.313613"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.601008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2862-4MGM-J6FV
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2024-03-21 03:33** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.”
{
"affected": [],
"aliases": [
"CVE-2018-7714"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-05T23:29:00Z",
"severity": "HIGH"
},
"details": "** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels \u003c= (1\u003c\u003c30)) may be false. Note: \u201cOpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.\u201d",
"id": "GHSA-2862-4mgm-j6fv",
"modified": "2024-03-21T03:33:22Z",
"published": "2022-05-13T01:28:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7714"
},
{
"type": "WEB",
"url": "https://github.com/opencv/opencv/issues/10998"
},
{
"type": "WEB",
"url": "https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2973-Q4QX-MJF5
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle errors from btrfs_dec_ref() properly
In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error.
{
"affected": [],
"aliases": [
"CVE-2024-46753"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is\nincorrect, we have proper error handling here, return the error.",
"id": "GHSA-2973-q4qx-mjf5",
"modified": "2025-11-03T21:31:13Z",
"published": "2024-09-18T09:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46753"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0e4840ae09f375381167000ce47424818fcbcc7c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c4fe45351e544da4b8f10c74b277117a4fa7869"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/67e4ca7ddc67ef949326b4dc404a9678bbe67d72"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c8237021b53d52357c0de07a768582fafb2791d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.