CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-35Q6-7298-9C8J
Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-01-29 00:31A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
{
"affected": [],
"aliases": [
"CVE-2024-24432"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T15:15:12Z",
"severity": "MODERATE"
},
"details": "A reachable assertion in the ogs_kdf_hash_mme function of Open5GS \u003c= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.",
"id": "GHSA-35q6-7298-9c8j",
"modified": "2025-01-29T00:31:53Z",
"published": "2025-01-22T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24432"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-364J-9M4F-F6R2
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-9499"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-07T14:29:00Z",
"severity": "MODERATE"
},
"details": "In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.",
"id": "GHSA-364j-9m4f-f6r2",
"modified": "2022-05-13T01:48:00Z",
"published": "2022-05-13T01:48:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9499"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/492"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98944"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-36M4-MV4F-9C4Q
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 21:31Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-37029"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T23:15:10Z",
"severity": "HIGH"
},
"details": "Magma versions \u003c= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.",
"id": "GHSA-36m4-mv4f-9c4q",
"modified": "2025-01-23T21:31:51Z",
"published": "2025-01-22T00:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37029"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-36VM-XW34-X4PJ
Vulnerability from github – Published: 2021-05-21 14:25 – Updated: 2024-11-01 16:55Impact
An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.IRFFT:
import tensorflow as tf
values = [-10.0] * 130
values[0] = -9.999999999999995
inputs = tf.constant(values, shape=[10, 13], dtype=tf.float32)
inputs = tf.cast(inputs, dtype=tf.complex64)
fft_length = tf.constant([0], shape=[1], dtype=tf.int32)
tf.raw_ops.IRFFT(input=inputs, fft_length=fft_length)
The above example causes Eigen code to operate on an empty matrix. This triggers on an assertion and causes program termination.
Patches
We have patched the issue in GitHub commit 1c56f53be0b722ca657cbc7df461ed676c8642a2.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29562"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T19:48:31Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.IRFFT`:\n \n```python\nimport tensorflow as tf\n\nvalues = [-10.0] * 130\nvalues[0] = -9.999999999999995\ninputs = tf.constant(values, shape=[10, 13], dtype=tf.float32)\ninputs = tf.cast(inputs, dtype=tf.complex64)\nfft_length = tf.constant([0], shape=[1], dtype=tf.int32)\n\ntf.raw_ops.IRFFT(input=inputs, fft_length=fft_length)\n``` \n \nThe above example causes Eigen code to operate on an empty matrix. This triggers on an assertion and causes program termination.\n\n### Patches\nWe have patched the issue in GitHub commit [1c56f53be0b722ca657cbc7df461ed676c8642a2](https://github.com/tensorflow/tensorflow/commit/1c56f53be0b722ca657cbc7df461ed676c8642a2).\n \nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information \nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team. ",
"id": "GHSA-36vm-xw34-x4pj",
"modified": "2024-11-01T16:55:35Z",
"published": "2021-05-21T14:25:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-36vm-xw34-x4pj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29562"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/1c56f53be0b722ca657cbc7df461ed676c8642a2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-490.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-688.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-199.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "CHECK-fail in `tf.raw_ops.IRFFT`"
}
GHSA-3775-FRGH-J3VC
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2022-06-22 00:00An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.
{
"affected": [],
"aliases": [
"CVE-2019-15892"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-03T21:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.",
"id": "GHSA-3775-frgh-j3vc",
"modified": "2022-06-22T00:00:54Z",
"published": "2022-05-24T16:55:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15892"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/5"
},
{
"type": "WEB",
"url": "https://varnish-cache.org/security/VSV00003.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4514"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3778-6QX9-FC4V
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 18:30Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2022-25673"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "HIGH"
},
"details": "Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile",
"id": "GHSA-3778-6qx9-fc4v",
"modified": "2022-12-15T18:30:23Z",
"published": "2022-12-13T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25673"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3784-9734-2V5F
Vulnerability from github – Published: 2025-06-03 15:31 – Updated: 2025-06-03 15:31A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2025-5501"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T14:15:51Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue.",
"id": "GHSA-3784-9734-2v5f",
"modified": "2025-06-03T15:31:26Z",
"published": "2025-06-03T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5501"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/3909"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/3909#issuecomment-2926682623"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/commit/2daa44adab762c47a8cef69cc984946973a845b3"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/20362183/AMF.crash.due.to.pathswitchrequest.zip"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.310915"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.310915"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.582265"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-37JF-MJV6-XFQW
Vulnerability from github – Published: 2022-09-16 19:24 – Updated: 2022-09-19 19:09Impact
When Conv2DBackpropInput receives empty out_backprop inputs (e.g. [3, 1, 0, 1]), the current CPU/GPU kernels CHECK fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack.
import tensorflow as tf
import numpy as np
input_sizes = [3, 1, 1, 2]
filter = np.ones([1, 3, 2, 3])
out_backprop = np.ones([3, 1, 0, 3])
strides = [1, 1, 2, 1]
padding = 'VALID'
tf.raw_ops.Conv2DBackpropInput(
input_sizes = input_sizes,
filter = filter,
out_backprop = out_backprop,
strides = strides,
padding = padding
)
Patches
We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Jingyi Shi.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35999"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T19:24:49Z",
"nvd_published_at": "2022-09-16T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nimport numpy as np\ninput_sizes = [3, 1, 1, 2]\nfilter = np.ones([1, 3, 2, 3])\nout_backprop = np.ones([3, 1, 0, 3])\nstrides = [1, 1, 2, 1]\npadding = \u0027VALID\u0027\n\ntf.raw_ops.Conv2DBackpropInput(\n input_sizes = input_sizes,\n filter = filter,\n out_backprop = out_backprop,\n strides = strides,\n padding = padding\n)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [27a65a43cf763897fecfa5cdb5cc653fc5dd0346](https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Jingyi Shi.\n",
"id": "GHSA-37jf-mjv6-xfqw",
"modified": "2022-09-19T19:09:33Z",
"published": "2022-09-16T19:24:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35999"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/27a65a43cf763897fecfa5cdb5cc653fc5dd0346"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`"
}
GHSA-39WR-F4FF-XM6P
Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2023-06-13 21:56Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "streebog"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-25007"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:19:50Z",
"nvd_published_at": "2020-12-31T10:15:14Z",
"severity": "HIGH"
},
"details": "Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could\u0027ve caused an incorrect result or panic for certain inputs.",
"id": "GHSA-39wr-f4ff-xm6p",
"modified": "2023-06-13T21:56:16Z",
"published": "2021-08-25T20:46:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25007"
},
{
"type": "WEB",
"url": "https://github.com/RustCrypto/hashes/pull/91"
},
{
"type": "PACKAGE",
"url": "https://github.com/RustCrypto/hashes/tree/master/streebog"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incorrect implementation in streebog"
}
GHSA-3H5Q-GG6W-2G7P
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
{
"affected": [],
"aliases": [
"CVE-2020-20214"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-18T19:15:00Z",
"severity": "MODERATE"
},
"details": "Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.",
"id": "GHSA-3h5q-gg6w-2g7p",
"modified": "2022-05-24T19:02:42Z",
"published": "2022-05-24T19:02:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20214"
},
{
"type": "WEB",
"url": "https://mikrotik.com"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/May/15"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.