CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-5QM6-J92F-79JP
Vulnerability from github – Published: 2023-11-02 18:30 – Updated: 2025-11-04 00:30A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
{
"affected": [],
"aliases": [
"CVE-2023-38473"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-02T16:15:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.",
"id": "GHSA-5qm6-j92f-79jp",
"modified": "2025-11-04T00:30:41Z",
"published": "2023-11-02T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38473"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-38473"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191694"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00011.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5R25-9PPQ-M6J9
Vulnerability from github – Published: 2022-01-28 00:01 – Updated: 2022-02-03 00:00There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0.
{
"affected": [],
"aliases": [
"CVE-2021-46508"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-27T21:15:00Z",
"severity": "MODERATE"
},
"details": "There is an Assertion `i \u003c parts_cnt\u0027 failed at src/mjs_bcode.c in Cesanta MJS v2.20.0.",
"id": "GHSA-5r25-9ppq-m6j9",
"modified": "2022-02-03T00:00:32Z",
"published": "2022-01-28T00:01:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46508"
},
{
"type": "WEB",
"url": "https://github.com/cesanta/mjs/issues/188"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5RX7-3W8F-H49W
Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
{
"affected": [],
"aliases": [
"CVE-2018-14045"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-13T15:29:00Z",
"severity": "HIGH"
},
"details": "The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.",
"id": "GHSA-5rx7-3w8f-h49w",
"modified": "2022-05-13T01:49:53Z",
"published": "2022-05-13T01:49:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14045"
},
{
"type": "WEB",
"url": "https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5V57-X2WG-79RM
Vulnerability from github – Published: 2023-12-05 03:30 – Updated: 2023-12-05 03:30Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.
{
"affected": [],
"aliases": [
"CVE-2023-33041"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-05T03:15:11Z",
"severity": "HIGH"
},
"details": "Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.",
"id": "GHSA-5v57-x2wg-79rm",
"modified": "2023-12-05T03:30:22Z",
"published": "2023-12-05T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33041"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5V8M-2MHG-5WV4
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 18:31A reachable assertion in the decode_access_point_name_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
{
"affected": [],
"aliases": [
"CVE-2024-24424"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T23:15:12Z",
"severity": "HIGH"
},
"details": "A reachable assertion in the decode_access_point_name_ie function of Magma \u003c= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.",
"id": "GHSA-5v8m-2mhg-5wv4",
"modified": "2025-01-23T18:31:18Z",
"published": "2025-01-22T00:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24424"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5VH3-FX9F-223V
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) assertions that verify fence writeback addresses are dword-aligned. These assertions can be reached from unprivileged userspace via crafted DRM_IOCTL_AMDGPU_CS submissions, causing a fatal kernel panic in a scheduler worker thread.
Replace both BUG_ON() calls with WARN_ON() to log the condition without crashing the kernel. A misaligned fence address at this point indicates a driver bug, but crashing the kernel is never the correct response when the assertion is reachable from userspace.
The CS IOCTL path is the correct place to filter invalid submissions; the ring emission callback is too late to do anything about it.
(cherry picked from commit b90250bd933afd1ba94d86d6b13821997b22b18e)
{
"affected": [],
"aliases": [
"CVE-2026-46220"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission\n\nsdma_v4_0_ring_emit_fence() contains two BUG_ON(addr \u0026 0x3) assertions\nthat verify fence writeback addresses are dword-aligned. These\nassertions can be reached from unprivileged userspace via crafted\nDRM_IOCTL_AMDGPU_CS submissions, causing a fatal kernel panic in a\nscheduler worker thread.\n\nReplace both BUG_ON() calls with WARN_ON() to log the condition without\ncrashing the kernel. A misaligned fence address at this point indicates\na driver bug, but crashing the kernel is never the correct response when\nthe assertion is reachable from userspace.\n\nThe CS IOCTL path is the correct place to filter invalid submissions;\nthe ring emission callback is too late to do anything about it.\n\n(cherry picked from commit b90250bd933afd1ba94d86d6b13821997b22b18e)",
"id": "GHSA-5vh3-fx9f-223v",
"modified": "2026-06-10T21:31:25Z",
"published": "2026-05-28T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46220"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b91ea46bb68abf98a082bf239092253bbd6aaa2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/25e7d56a39657d56d1ea6d78992f7ed15dedb412"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4f7ca00fa91daf0795ec6b3b130c5ebba1f155fe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78d2e624fa073c14970aa097adcf3ea31c157a66"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a4fd82fb0757c180bf622907397c528b89a827b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d331fb241a4602253976ddd65144a8ba2b05665d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4c56932d29773e278be6a65a5384a36c95b89a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ecaa80318e900ca0c3f687742ede33b41cfd2f8e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W4C-X7FV-V2G8
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:07An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2022-35205"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:23Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.",
"id": "GHSA-5w4c-x7fv-v2g8",
"modified": "2024-04-04T07:07:03Z",
"published": "2023-08-22T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35205"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231006-0010"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29289"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X2C-7CWV-6FV6
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
{
"affected": [],
"aliases": [
"CVE-2018-9252"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-04T02:29:00Z",
"severity": "MODERATE"
},
"details": "JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.",
"id": "GHSA-5x2c-7cwv-6fv6",
"modified": "2022-05-13T01:16:06Z",
"published": "2022-05-13T01:16:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9252"
},
{
"type": "WEB",
"url": "https://github.com/mdadams/jasper/issues/173"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5X2P-VJM5-P7GJ
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 18:30Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2022-25675"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile",
"id": "GHSA-5x2p-vjm5-p7gj",
"modified": "2022-12-15T18:30:23Z",
"published": "2022-12-13T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25675"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5XMQ-MWGG-PJP2
Vulnerability from github – Published: 2025-01-22 18:31 – Updated: 2025-02-03 15:32A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
{
"affected": [],
"aliases": [
"CVE-2024-24429"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T16:15:28Z",
"severity": "HIGH"
},
"details": "A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS \u003c= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.",
"id": "GHSA-5xmq-mwgg-pjp2",
"modified": "2025-02-03T15:32:02Z",
"published": "2025-01-22T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24429"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.