Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

989 vulnerabilities reference this CWE, most recent first.

GHSA-2VC7-QFWP-F3CW

Vulnerability from github – Published: 2024-02-06 06:30 – Updated: 2024-02-06 06:30
VLAI
Details

Transient DOS while processing 11AZ RTT management action frame received through OTA.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-06T06:16:02Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while processing 11AZ RTT management action frame received through OTA.",
  "id": "GHSA-2vc7-qfwp-f3cw",
  "modified": "2024-02-06T06:30:32Z",
  "published": "2024-02-06T06:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43523"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2VCG-F87X-8HHF

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug_on in __es_tree_search

Hulk Robot reported a BUG_ON:

kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561 ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964 ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384 ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567 ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980 ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031 ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257 v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63 v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82 vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368 dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490 ext4_quota_enable fs/ext4/super.c:6137 [inline] ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163 ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754 mount_bdev+0x2e9/0x3b0 fs/super.c:1158 mount_fs+0x4b/0x1e4 fs/super.c:1261 [...] ==================================================================

Above issue may happen as follows:

ext4_fill_super ext4_enable_quotas ext4_quota_enable ext4_iget __ext4_iget ext4_ext_check_inode ext4_ext_check __ext4_ext_check ext4_valid_extent_entries Check for overlapping extents does't take effect dquot_enable vfs_load_quota_inode v2_check_quota_file v2_read_header ext4_quota_read ext4_bread ext4_getblk ext4_map_blocks ext4_ext_map_blocks ext4_find_extent ext4_cache_extents ext4_es_cache_extent ext4_es_cache_extent __es_tree_search ext4_es_end BUG_ON(es->es_lblk + es->es_len < es->es_lblk)

The error ext4 extents is as follows: 0af3 0300 0400 0000 00000000 extent_header 00000000 0100 0000 12000000 extent1 00000000 0100 0000 18000000 extent2 02000000 0400 0000 14000000 extent3

In the ext4_valid_extent_entries function, if prev is 0, no error is returned even if lblock<=prev. This was intended to skip the check on the first extent, but in the error image above, prev=0+1-1=0 when checking the second extent, so even though lblock<=prev, the function does not return an error. As a result, bug_ON occurs in __es_tree_search and the system panics.

To solve this problem, we only need to check that: 1. The lblock of the first extent is not less than 0. 2. The lblock of the next extent is not less than the next block of the previous extent. The same applies to extent_idx.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:17Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug_on in __es_tree_search\n\nHulk Robot reported a BUG_ON:\n==================================================================\nkernel BUG at fs/ext4/extents_status.c:199!\n[...]\nRIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline]\nRIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217\n[...]\nCall Trace:\n ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766\n ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561\n ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964\n ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384\n ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567\n ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980\n ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031\n ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257\n v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63\n v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82\n vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368\n dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490\n ext4_quota_enable fs/ext4/super.c:6137 [inline]\n ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163\n ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754\n mount_bdev+0x2e9/0x3b0 fs/super.c:1158\n mount_fs+0x4b/0x1e4 fs/super.c:1261\n[...]\n==================================================================\n\nAbove issue may happen as follows:\n-------------------------------------\next4_fill_super\n ext4_enable_quotas\n  ext4_quota_enable\n   ext4_iget\n    __ext4_iget\n     ext4_ext_check_inode\n      ext4_ext_check\n       __ext4_ext_check\n        ext4_valid_extent_entries\n         Check for overlapping extents does\u0027t take effect\n   dquot_enable\n    vfs_load_quota_inode\n     v2_check_quota_file\n      v2_read_header\n       ext4_quota_read\n        ext4_bread\n         ext4_getblk\n          ext4_map_blocks\n           ext4_ext_map_blocks\n            ext4_find_extent\n             ext4_cache_extents\n              ext4_es_cache_extent\n               ext4_es_cache_extent\n                __es_tree_search\n                 ext4_es_end\n                  BUG_ON(es-\u003ees_lblk + es-\u003ees_len \u003c es-\u003ees_lblk)\n\nThe error ext4 extents is as follows:\n0af3 0300 0400 0000 00000000    extent_header\n00000000 0100 0000 12000000     extent1\n00000000 0100 0000 18000000     extent2\n02000000 0400 0000 14000000     extent3\n\nIn the ext4_valid_extent_entries function,\nif prev is 0, no error is returned even if lblock\u003c=prev.\nThis was intended to skip the check on the first extent, but\nin the error image above, prev=0+1-1=0 when checking the second extent,\nso even though lblock\u003c=prev, the function does not return an error.\nAs a result, bug_ON occurs in __es_tree_search and the system panics.\n\nTo solve this problem, we only need to check that:\n1. The lblock of the first extent is not less than 0.\n2. The lblock of the next extent  is not less than\n   the next block of the previous extent.\nThe same applies to extent_idx.",
  "id": "GHSA-2vcg-f87x-8hhf",
  "modified": "2025-09-22T21:30:17Z",
  "published": "2025-09-22T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49409"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c617827cd51018bc377bd2954e176920ddbcfad"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4fd58b5cf118d2d9038a0b8c9cc0e43096297686"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/59cf2fabbfe76de29d88dd7ae69858a25735b59f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0083459e2b6b07ebd78bea2fe684a19cc0f3d0f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d36f6ed761b53933b0b4126486c10d3da7751e7f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea6ea18b3ab0c0d7fefffb3c4d27df758b1c790a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2WRH-J8P9-W4C5

Vulnerability from github – Published: 2023-05-05 15:30 – Updated: 2024-04-04 03:49
VLAI
Details

llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-05T15:15:09Z",
    "severity": "MODERATE"
  },
  "details": "llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) \u0026\u0026 \"operation was already replaced.",
  "id": "GHSA-2wrh-j8p9-w4c5",
  "modified": "2024-04-04T03:49:38Z",
  "published": "2023-05-05T15:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29935"
    },
    {
      "type": "WEB",
      "url": "https://github.com/llvm/llvm-project/issues/59182"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2X3R-3GRM-F4WW

Vulnerability from github – Published: 2023-05-19 00:30 – Updated: 2024-04-04 04:14
VLAI
Details

There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-18T22:15:09Z",
    "severity": "HIGH"
  },
  "details": "There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).",
  "id": "GHSA-2x3r-3grm-f4ww",
  "modified": "2024-04-04T04:14:48Z",
  "published": "2023-05-19T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23759"
    },
    {
      "type": "WEB",
      "url": "https://github.com/facebookincubator/fizz/commit/8d3649841597bedfb6986c30431ebad0eb215265"
    },
    {
      "type": "WEB",
      "url": "https://www.facebook.com/security/advisories/cve-2023-23759"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2XGJ-P3P2-VX5F

Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30
VLAI
Details

Transient DOS in Data modem while handling TLB control messages from the Network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-05T03:15:11Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS in Data modem while handling TLB control messages from the Network.",
  "id": "GHSA-2xgj-p3p2-vx5f",
  "modified": "2023-12-05T03:30:22Z",
  "published": "2023-12-05T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33044"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3242-RQGF-8X5V

Vulnerability from github – Published: 2026-02-02 03:31 – Updated: 2026-02-02 03:31
VLAI
Details

A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published and may be used. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1738"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T02:16:10Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published and may be used. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed.",
  "id": "GHSA-3242-rqgf-8x5v",
  "modified": "2026-02-02T03:31:18Z",
  "published": "2026-02-02T03:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1738"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/4261"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/4261#event-21968563677"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/4261#issue-3787803578"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.343637"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.343637"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.741193"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3438-W73J-W82H

Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:01
VLAI
Details

In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-05T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.",
  "id": "GHSA-3438-w73j-w82h",
  "modified": "2022-05-14T00:01:25Z",
  "published": "2022-05-06T00:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29339"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/issues/2165"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-34FQ-364C-3W2G

Vulnerability from github – Published: 2024-12-03 18:31 – Updated: 2024-12-03 18:31
VLAI
Details

Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, which leads to a crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-21T15:15:35Z",
    "severity": "HIGH"
  },
  "details": "Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, which leads to a crash.",
  "id": "GHSA-34fq-364c-3w2g",
  "modified": "2024-12-03T18:31:02Z",
  "published": "2024-12-03T18:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53429"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open62541/open62541/issues/6825"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3538-RRCV-8MRQ

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-25 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: remove WARN_ON_ONCE when accessing forward path array

Although unlikely, recent support for IPIP tunnels increases chances of reaching this WARN_ON_ONCE if userspace manages to build a sufficiently long forward path.

Remove it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T14:16:56Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: remove WARN_ON_ONCE when accessing forward path array\n\nAlthough unlikely, recent support for IPIP tunnels increases chances of\nreaching this WARN_ON_ONCE if userspace manages to build a sufficiently\nlong forward path.\n\nRemove it.",
  "id": "GHSA-3538-rrcv-8mrq",
  "modified": "2026-06-25T21:31:18Z",
  "published": "2026-05-27T15:33:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45847"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/008e7a7c293b30bc43e4368dac6ea3808b75a572"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/50422613185d505201167e8bdd2f2700790d5db6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/548244c2f542aa0ad49453e9306e715a3877bc44"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9464ca7a6e56ad1ebf48b2ad5c16871edfad10c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/959ea349c7e2d4edf07b6838ca7e59345fe61a08"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a78d055ba7c31103ad02f8eceb0c452e154d2660"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dcf9b3c90e5560339649d088836529883fb509f3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-359G-WG43-PFV8

Vulnerability from github – Published: 2026-01-17 18:30 – Updated: 2026-02-23 09:31
VLAI
Details

A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The issue report is flagged as already-fixed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-17T16:16:05Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The issue report is flagged as already-fixed.",
  "id": "GHSA-359g-wg43-pfv8",
  "modified": "2026-02-23T09:31:20Z",
  "published": "2026-01-17T18:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15531"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/4233"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/4233#issue-3776216182"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.341598"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.341598"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.729339"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.