CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-453R-CX7V-94WR
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.
{
"affected": [],
"aliases": [
"CVE-2021-33600"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-28T10:15:00Z",
"severity": "HIGH"
},
"details": "A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.",
"id": "GHSA-453r-cx7v-94wr",
"modified": "2022-05-24T19:16:01Z",
"published": "2022-05-24T19:16:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33600"
},
{
"type": "WEB",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"type": "WEB",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-45CV-7V28-M46P
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 21:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range
If we get -ENOMEM while dropping file extent items in a given range, at btrfs_drop_extents(), due to failure to allocate memory when attempting to increment the reference count for an extent or drop the reference count, we handle it with a BUG_ON(). This is excessive, instead we can simply abort the transaction and return the error to the caller. In fact most callers of btrfs_drop_extents(), directly or indirectly, already abort the transaction if btrfs_drop_extents() returns any error.
Also, we already have error paths at btrfs_drop_extents() that may return -ENOMEM and in those cases we abort the transaction, like for example anything that changes the b+tree may return -ENOMEM due to a failure to allocate a new extent buffer when COWing an existing extent buffer, such as a call to btrfs_duplicate_item() for example.
So replace the BUG_ON() calls with proper logic to abort the transaction and return the error.
{
"affected": [],
"aliases": [
"CVE-2022-50293"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range\n\nIf we get -ENOMEM while dropping file extent items in a given range, at\nbtrfs_drop_extents(), due to failure to allocate memory when attempting to\nincrement the reference count for an extent or drop the reference count,\nwe handle it with a BUG_ON(). This is excessive, instead we can simply\nabort the transaction and return the error to the caller. In fact most\ncallers of btrfs_drop_extents(), directly or indirectly, already abort\nthe transaction if btrfs_drop_extents() returns any error.\n\nAlso, we already have error paths at btrfs_drop_extents() that may return\n-ENOMEM and in those cases we abort the transaction, like for example\nanything that changes the b+tree may return -ENOMEM due to a failure to\nallocate a new extent buffer when COWing an existing extent buffer, such\nas a call to btrfs_duplicate_item() for example.\n\nSo replace the BUG_ON() calls with proper logic to abort the transaction\nand return the error.",
"id": "GHSA-45cv-7v28-m46p",
"modified": "2025-12-04T21:31:01Z",
"published": "2025-09-15T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50293"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/162d053e15fe985f754ef495a96eb3db970c43ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1baf3370e2dc5e6bd1368348736189457dab2a27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50f993da945074b2a069da099a0331b23a0c89a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7fbcb635c8fc927d139f3302babcf1b42c09265c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45Q4-QCPX-MGMJ
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2025-04-20 03:44There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-13749"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-29T06:29:00Z",
"severity": "HIGH"
},
"details": "There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.",
"id": "GHSA-45q4-qcpx-mgmj",
"modified": "2025-04-20T03:44:03Z",
"published": "2022-05-13T01:11:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13749"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485285"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-03"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100514"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-45R2-RX5V-Q5F6
Vulnerability from github – Published: 2025-08-25 03:33 – Updated: 2025-08-25 03:33A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.
{
"affected": [],
"aliases": [
"CVE-2025-9403"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-25T03:15:37Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.",
"id": "GHSA-45r2-rx5v-q5f6",
"modified": "2025-08-25T03:33:08Z",
"published": "2025-08-25T03:33:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9403"
},
{
"type": "WEB",
"url": "https://github.com/jqlang/jq/issues/3393"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1r8m9PhU_rk-QPj6OMcs415FcvWPD-zJY/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.321239"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.321239"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.633170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-46HP-7JPH-MGXF
Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-02-07 03:32Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message missing a required NAS_PDU field to repeatedly crash the MME, resulting in denial of service.
{
"affected": [],
"aliases": [
"CVE-2024-34235"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T15:15:12Z",
"severity": "HIGH"
},
"details": "Open5GS MME versions \u003c= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.",
"id": "GHSA-46hp-7jph-mgxf",
"modified": "2025-02-07T03:32:01Z",
"published": "2025-01-22T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34235"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46Q4-H5PV-R45Q
Vulnerability from github – Published: 2025-08-07 21:31 – Updated: 2025-08-07 21:31A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF Service. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The name of the patch is 66bc558e417e70ae216ec155e4e81c14ae0ecf30. It is recommended to apply a patch to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2025-8698"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-07T21:15:29Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF Service. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The name of the patch is 66bc558e417e70ae216ec155e4e81c14ae0ecf30. It is recommended to apply a patch to fix this issue.",
"id": "GHSA-46q4-h5pv-r45q",
"modified": "2025-08-07T21:31:09Z",
"published": "2025-08-07T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8698"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/4012"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/commit/66bc558e417e70ae216ec155e4e81c14ae0ecf30"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/21356631/amf_nsmf_pdusession_handle_release_sm_context.zip"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319128"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319128"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.621282"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-46RH-MCF3-6V59
Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 18:31The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
{
"affected": [],
"aliases": [
"CVE-2022-34484"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T20:15:00Z",
"severity": "HIGH"
},
"details": "The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 102, Firefox ESR \u003c 91.11, Thunderbird \u003c 102, and Thunderbird \u003c 91.11.",
"id": "GHSA-46rh-mcf3-6v59",
"modified": "2025-04-15T18:31:31Z",
"published": "2022-12-22T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34484"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46RX-WMHR-CJ2M
Vulnerability from github – Published: 2026-06-01 15:30 – Updated: 2026-06-01 18:31FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC_SUBSCRIPTION_RESPONSE to the near-RT RIC (port 36421) to cause SIGABRT in Debug builds or NULL pointer dereference (SIGSEGV) in Release builds.
{
"affected": [],
"aliases": [
"CVE-2026-37221"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T15:16:34Z",
"severity": "HIGH"
},
"details": "FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC_SUBSCRIPTION_RESPONSE to the near-RT RIC (port 36421) to cause SIGABRT in Debug builds or NULL pointer dereference (SIGSEGV) in Release builds.",
"id": "GHSA-46rx-wmhr-cj2m",
"modified": "2026-06-01T18:31:48Z",
"published": "2026-06-01T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37221"
},
{
"type": "WEB",
"url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37221.md"
},
{
"type": "WEB",
"url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46VV-9WJ7-QVXG
Vulnerability from github – Published: 2021-12-04 00:00 – Updated: 2021-12-07 00:00A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-44022"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-03T11:15:00Z",
"severity": "MODERATE"
},
"details": "A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-46vv-9wj7-qvxg",
"modified": "2021-12-07T00:00:58Z",
"published": "2021-12-04T00:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44022"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000289229"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-46X2-68M6-PGPC
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2019-9211"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-27T17:29:00Z",
"severity": "MODERATE"
},
"details": "There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.",
"id": "GHSA-46x2-68m6-pgpc",
"modified": "2022-05-13T01:23:03Z",
"published": "2022-05-13T01:23:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9211"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683499"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3QC6VFE2D7M6ZJXBXRIO4JZPKY57CLV"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00068.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107190"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.