CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-4G3H-V9FP-PGM4
Vulnerability from github – Published: 2023-11-02 15:30 – Updated: 2025-11-04 00:30A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
{
"affected": [],
"aliases": [
"CVE-2023-38472"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-02T15:15:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.",
"id": "GHSA-4g3h-v9fp-pgm4",
"modified": "2025-11-04T00:30:41Z",
"published": "2023-11-02T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38472"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-38472"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00011.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4GRG-RGMH-VH43
Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-16 18:30Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.
{
"affected": [],
"aliases": [
"CVE-2022-40527"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T21:15:00Z",
"severity": "HIGH"
},
"details": "Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.",
"id": "GHSA-4grg-rgmh-vh43",
"modified": "2023-03-16T18:30:30Z",
"published": "2023-03-10T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40527"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HG6-GWCJ-8XVF
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-16 21:30In the Linux kernel, the following vulnerability has been resolved:
fbdev: imxfb: Removed unneeded release_mem_region
Remove unnecessary release_mem_region from the error path to prevent mem region from being released twice, which could avoid resource leak or other unexpected issues.
{
"affected": [],
"aliases": [
"CVE-2023-53448"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imxfb: Removed unneeded release_mem_region\n\nRemove unnecessary release_mem_region from the error path to prevent\nmem region from being released twice, which could avoid resource leak\nor other unexpected issues.",
"id": "GHSA-4hg6-gwcj-8xvf",
"modified": "2026-01-16T21:30:29Z",
"published": "2025-10-01T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53448"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/38282a92c30422836d49e519bd109237f86a0888"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45fcc058a75bf5d65cf4c32da44a252fbe873cd4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6aa851f6276fa08cd59b044bc2b803c49edf58a2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4J82-5CCR-4R8V
Vulnerability from github – Published: 2022-02-10 00:34 – Updated: 2024-11-07 22:27Impact
A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures.
int64_t TensorByteSize(const TensorProto& t) {
// num_elements returns -1 if shape is not fully defined.
int64_t num_elems = TensorShape(t.tensor_shape()).num_elements();
return num_elems < 0 ? -1 : num_elems * DataTypeSize(t.dtype());
}
TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow the size of an int. The PartialTensorShape constructor instead does not cause a CHECK-abort if the shape is partial, which is exactly what this function needs to be able to return -1.
Patches
We have patched the issue in GitHub commit c2426bba00a01de6913738df8fa78e0215fcce02.
The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
}
],
"aliases": [
"CVE-2022-23582"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-04T19:53:00Z",
"nvd_published_at": "2022-02-04T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nA malicious user can cause a denial of service by altering a `SavedModel` such that [`TensorByteSize`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50) would trigger `CHECK` failures.\n\n```cc\nint64_t TensorByteSize(const TensorProto\u0026 t) {\n // num_elements returns -1 if shape is not fully defined.\n int64_t num_elems = TensorShape(t.tensor_shape()).num_elements();\n return num_elems \u003c 0 ? -1 : num_elems * DataTypeSize(t.dtype());\n}\n```\n`TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`.\n\n### Patches\nWe have patched the issue in GitHub commit [c2426bba00a01de6913738df8fa78e0215fcce02](https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02).\n\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
"id": "GHSA-4j82-5ccr-4r8v",
"modified": "2024-11-07T22:27:53Z",
"published": "2022-02-10T00:34:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23582"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-91.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-146.yaml"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc#L46-L50"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "`CHECK`-failures in `TensorByteSize` in Tensorflow"
}
GHSA-4JW8-CP5G-24J2
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-07-04 12:30In the Linux kernel, the following vulnerability has been resolved:
ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio
Replace BUG_ON() with proper error handling when inline data size exceeds PAGE_SIZE. This prevents kernel panic and allows the system to continue running while properly reporting the filesystem corruption.
The error is logged via ext4_error_inode(), the buffer head is released to prevent memory leak, and -EFSCORRUPTED is returned to indicate filesystem corruption.
{
"affected": [],
"aliases": [
"CVE-2026-31451"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: replace BUG_ON with proper error handling in ext4_read_inline_folio\n\nReplace BUG_ON() with proper error handling when inline data size\nexceeds PAGE_SIZE. This prevents kernel panic and allows the system to\ncontinue running while properly reporting the filesystem corruption.\n\nThe error is logged via ext4_error_inode(), the buffer head is released\nto prevent memory leak, and -EFSCORRUPTED is returned to indicate\nfilesystem corruption.",
"id": "GHSA-4jw8-cp5g-24j2",
"modified": "2026-07-04T12:30:27Z",
"published": "2026-04-22T15:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31451"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3462a3f0716d27af51896dc8688bcf0628fb17ee"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/356227096eb66e41b23caf7045e6304877322edf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/636e8d85a36ab6c31aafd04ee66a69b18eebee7b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65c6c30ce6362c1c684568744ea510c921a756cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/823849a26af089ffc5dfdd2ae4b9d446b46a0cda"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7d600e04732a7d29b107c91fe3aec64cf6ce7f2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af25a6affeac4919e8d8c5cccc01a9d53478447e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4M38-6Q8P-P29R
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
{
"affected": [],
"aliases": [
"CVE-2021-1971"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-09T08:15:00Z",
"severity": "HIGH"
},
"details": "Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
"id": "GHSA-4m38-6q8p-p29r",
"modified": "2022-05-24T19:14:04Z",
"published": "2022-05-24T19:14:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1971"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4M8V-5WV8-CXQR
Vulnerability from github – Published: 2022-01-21 00:00 – Updated: 2022-01-27 00:02There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.
{
"affected": [],
"aliases": [
"CVE-2021-46343"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-20T22:15:00Z",
"severity": "MODERATE"
},
"details": "There is an Assertion \u0027context_p-\u003etoken.type == LEXER_LITERAL\u0027 failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.",
"id": "GHSA-4m8v-5wv8-cxqr",
"modified": "2022-01-27T00:02:27Z",
"published": "2022-01-21T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46343"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/issues/4921"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4MVG-7PHP-MG7F
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-09-06 00:00A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
{
"affected": [],
"aliases": [
"CVE-2020-25723"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-02T01:15:00Z",
"severity": "MODERATE"
},
"details": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.",
"id": "GHSA-4mvg-7php-mg7f",
"modified": "2022-09-06T00:00:28Z",
"published": "2022-05-24T17:35:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25723"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201218-0004"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/12/22/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4MWX-VGQ4-7VR5
Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-01-28 21:31Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an E-RAB Setup Response message missing a required MME_UE_S1AP_ID field to repeatedly crash the MME, resulting in denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-37003"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T15:15:09Z",
"severity": "MODERATE"
},
"details": "Open5GS MME versions \u003c= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Setup Response` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.",
"id": "GHSA-4mwx-vgq4-7vr5",
"modified": "2025-01-28T21:31:01Z",
"published": "2025-01-22T15:32:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37003"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4PVQ-MCWH-V9JC
Vulnerability from github – Published: 2024-04-19 15:30 – Updated: 2024-07-03 18:36In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.
{
"affected": [],
"aliases": [
"CVE-2024-31744"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-19T13:15:13Z",
"severity": "HIGH"
},
"details": "In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.",
"id": "GHSA-4pvq-mcwh-v9jc",
"modified": "2024-07-03T18:36:01Z",
"published": "2024-04-19T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31744"
},
{
"type": "WEB",
"url": "https://github.com/jasper-software/jasper/issues/381"
},
{
"type": "WEB",
"url": "https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.