CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
986 vulnerabilities reference this CWE, most recent first.
GHSA-7VC6-QMJJ-2J83
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.
{
"affected": [],
"aliases": [
"CVE-2020-8621"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-21T21:15:00Z",
"severity": "MODERATE"
},
"details": "In BIND 9.14.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, If a server is configured with both QNAME minimization and \u0027forward first\u0027 then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that \u0027forward only\u0027 are not affected.",
"id": "GHSA-7vc6-qmjj-2j83",
"modified": "2022-05-24T17:26:23Z",
"published": "2022-05-24T17:26:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8621"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2020-8621"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200827-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4468-1"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7VFX-HFVM-RHR8
Vulnerability from github – Published: 2023-11-02 20:44 – Updated: 2023-11-02 20:44Summary:
Sending a specially crafted intent with an invalid/empty extras de.niklasmerz.cordova.biometric.BiometricActivity can cause the app to crash. sending the intent repeatedly can prevent the app using this plugin from working, resulting in a denial of service (DoS) condition.
Impact
A 3rd party app/remote attacker can exploit this vulnerability by sending a malicious intent to the target device, causing the app using this plugin from working to crash or become unresponsive, resulting in a denial of service (DoS) condition.
Mitigation
Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable.
If you want to fix older versions change the attribute android:exported of this code snippet in plugin.xml to false:
<config-file target="AndroidManifest.xml" parent="application">
<activity android:name="de.niklasmerz.cordova.biometric.BiometricActivity" android:theme="@style/TransparentTheme" android:exported="false"/>
</config-file>
Patches
Please upgrade to version 5.0.1 as soon as possible.
Please check out the release on GitHub.
For more information
If you have any questions or comments about this advisory please go to the discussion on GitHub.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "cordova-plugin-fingerprint-aio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-43849"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-02T20:44:41Z",
"nvd_published_at": "2021-12-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "## Summary:\n\nSending a specially crafted intent with an invalid/empty extras `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. sending the intent repeatedly can prevent the app using this plugin from working, resulting in a denial of service (DoS) condition.\n\n## Impact\n\nA 3rd party app/remote attacker can exploit this vulnerability by sending a malicious intent to the target device, causing the app using this plugin from working to crash or become unresponsive, resulting in a denial of service (DoS) condition.\n\n## Mitigation\n\nVersion 5.0.1 of the cordova-plugin-fingerprint-aio doesn\u0027t export the activity anymore and is no longer vulnerable.\n\nIf you want to fix older versions change the attribute `android:exported` of this code snippet in plugin.xml to `false`:\n\n```xml\n\u003cconfig-file target=\"AndroidManifest.xml\" parent=\"application\"\u003e\n \u003cactivity android:name=\"de.niklasmerz.cordova.biometric.BiometricActivity\" android:theme=\"@style/TransparentTheme\" android:exported=\"false\"/\u003e\n\u003c/config-file\u003e\n``` \n\n## Patches\n\nPlease upgrade to version 5.0.1 as soon as possible.\n\nPlease check out the release on [GitHub](https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/releases/tag/v5.0.1).\n\n## For more information\nIf you have any questions or comments about this advisory please go to the discussion on [GitHub](https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/discussions/394).\n",
"id": "GHSA-7vfx-hfvm-rhr8",
"modified": "2023-11-02T20:44:41Z",
"published": "2023-11-02T20:44:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/security/advisories/GHSA-7vfx-hfvm-rhr8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43849"
},
{
"type": "WEB",
"url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/commit/27434a240f97f69fd930088654590c8ba43569df"
},
{
"type": "PACKAGE",
"url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio"
},
{
"type": "WEB",
"url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/discussions/394"
},
{
"type": "WEB",
"url": "https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/releases/tag/v5.0.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "cordova-plugin-fingerprint-aio DoS vulnerability"
}
GHSA-8254-XV48-7MRQ
Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-02-07 03:32Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Capability Info Indication message missing a required MME_UE_S1AP_ID field to repeatedly crash the MME, resulting in denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-37018"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-22T15:15:11Z",
"severity": "HIGH"
},
"details": "Open5GS MME versions \u003c= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `UE Capability Info Indication` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.",
"id": "GHSA-8254-xv48-7mrq",
"modified": "2025-02-07T03:32:01Z",
"published": "2025-01-22T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37018"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-82MR-CW9V-6P8W
Vulnerability from github – Published: 2025-02-03 06:30 – Updated: 2025-02-03 18:30In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.
{
"affected": [],
"aliases": [
"CVE-2024-20147"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-03T04:15:07Z",
"severity": "MODERATE"
},
"details": "In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.",
"id": "GHSA-82mr-cw9v-6p8w",
"modified": "2025-02-03T18:30:40Z",
"published": "2025-02-03T06:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20147"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/February-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-82PR-9MPC-VGV5
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-10 21:30In the Linux kernel, the following vulnerability has been resolved:
ext4: fix BUG_ON() when directory entry has invalid rec_len
The rec_len field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit a BUG() in ext4_rec_len_to_disk(), called from make_indexed_dir().
------------[ cut here ]------------ kernel BUG at fs/ext4/ext4.h:2413! ... RIP: 0010:make_indexed_dir+0x53f/0x5f0 ... Call Trace: ? add_dirent_to_buf+0x1b2/0x200 ext4_add_entry+0x36e/0x480 ext4_add_nondir+0x2b/0xc0 ext4_create+0x163/0x200 path_openat+0x635/0xe90 do_filp_open+0xb4/0x160 ? __create_object.isra.0+0x1de/0x3b0 ? _raw_spin_unlock+0x12/0x30 do_sys_openat2+0x91/0x150 __x64_sys_open+0x6c/0xa0 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0
The fix simply adds a call to ext4_check_dir_entry() to validate the directory entry, returning -EFSCORRUPTED if the entry is invalid.
{
"affected": [],
"aliases": [
"CVE-2022-49879"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix BUG_ON() when directory entry has invalid rec_len\n\nThe rec_len field in the directory entry has to be a multiple of 4. A\ncorrupted filesystem image can be used to hit a BUG() in\next4_rec_len_to_disk(), called from make_indexed_dir().\n\n ------------[ cut here ]------------\n kernel BUG at fs/ext4/ext4.h:2413!\n ...\n RIP: 0010:make_indexed_dir+0x53f/0x5f0\n ...\n Call Trace:\n \u003cTASK\u003e\n ? add_dirent_to_buf+0x1b2/0x200\n ext4_add_entry+0x36e/0x480\n ext4_add_nondir+0x2b/0xc0\n ext4_create+0x163/0x200\n path_openat+0x635/0xe90\n do_filp_open+0xb4/0x160\n ? __create_object.isra.0+0x1de/0x3b0\n ? _raw_spin_unlock+0x12/0x30\n do_sys_openat2+0x91/0x150\n __x64_sys_open+0x6c/0xa0\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe fix simply adds a call to ext4_check_dir_entry() to validate the\ndirectory entry, returning -EFSCORRUPTED if the entry is invalid.",
"id": "GHSA-82pr-9mpc-vgv5",
"modified": "2025-11-10T21:30:29Z",
"published": "2025-05-01T15:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49879"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/156451a67b93986fb07c274ef6995ff40766c5ad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17a0bc9bd697f75cfdf9b378d5eb2d7409c91340"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fa24d0274fbf913b56ee31f15bc01168669d909"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/999cff2b6ce3b45c08abf793bf55534777421327"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce1ee2c8827fb6493e91acbd50f664cf2a972c3d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-835V-J5FW-QQVQ
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
{
"affected": [],
"aliases": [
"CVE-2017-3136"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-16T20:29:00Z",
"severity": "MODERATE"
},
"details": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8.",
"id": "GHSA-835v-j5fw-qqvq",
"modified": "2022-05-13T01:14:26Z",
"published": "2022-05-13T01:14:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3136"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1095"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1105"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/aa-01465"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180802-0002"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3854"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97653"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038259"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-846P-JG2W-W324
Vulnerability from github – Published: 2026-01-21 16:19 – Updated: 2026-01-22 15:43Security Disclosure: Client DoS via malformed server response
Summary
If the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a DoS. The panic happens before any signature is validated. This means that a compromised repository/mirror/cache can DoS clients without having access to any signing key.
Impact
Client crashes upon receiving and parsing malformed TUF metadata. This can cause long running services to enter an restart/crash loop.
Workarounds
None currently.
Affected code
The metadata.checkType function did not properly type assert the (untrusted) input causing it to panic on malformed data.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/theupdateframework/go-tuf/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23991"
],
"database_specific": {
"cwe_ids": [
"CWE-617",
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-21T16:19:28Z",
"nvd_published_at": "2026-01-22T03:15:47Z",
"severity": "MODERATE"
},
"details": "# Security Disclosure: Client DoS via malformed server response\n\n## Summary\n\nIf the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic _during parsing_, causing a DoS. The panic happens before any signature is validated. This means that a compromised repository/mirror/cache can DoS clients without having access to any signing key.\n\n## Impact \n\nClient crashes upon receiving and parsing malformed TUF metadata. This can cause long running services to enter an restart/crash loop.\n\n## Workarounds\n\nNone currently. \n\n## Affected code\n\nThe `metadata.checkType` function did not properly type assert the (untrusted) input causing it to panic on malformed data.",
"id": "GHSA-846p-jg2w-w324",
"modified": "2026-01-22T15:43:38Z",
"published": "2026-01-21T16:19:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-846p-jg2w-w324"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23991"
},
{
"type": "WEB",
"url": "https://github.com/theupdateframework/go-tuf/commit/73345ab6b0eb7e59d525dac17a428f043074cef6"
},
{
"type": "PACKAGE",
"url": "https://github.com/theupdateframework/go-tuf"
},
{
"type": "WEB",
"url": "https://github.com/theupdateframework/go-tuf/releases/tag/v2.3.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "go-tuf affected by client DoS via malformed server response"
}
GHSA-84JM-4CF3-9JFM
Vulnerability from github – Published: 2022-09-16 22:13 – Updated: 2022-09-19 19:27Impact
The implementation of FractionalAvgPoolGrad does not fully validate the input orig_input_tensor_shape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack.
import tensorflow as tf
overlapping = True
orig_input_tensor_shape = tf.constant(-1879048192, shape=[4], dtype=tf.int64)
out_backprop = tf.constant([], shape=[0,0,0,0], dtype=tf.float64)
row_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64)
col_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64)
tf.raw_ops.FractionalAvgPoolGrad(orig_input_tensor_shape=orig_input_tensor_shape, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping)
Patches
We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35963"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T22:13:23Z",
"nvd_published_at": "2022-09-16T20:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\noverlapping = True\norig_input_tensor_shape = tf.constant(-1879048192, shape=[4], dtype=tf.int64)\nout_backprop = tf.constant([], shape=[0,0,0,0], dtype=tf.float64)\nrow_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64)\ncol_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64)\ntf.raw_ops.FractionalAvgPoolGrad(orig_input_tensor_shape=orig_input_tensor_shape, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [03a659d7be9a1154fdf5eeac221e5950fec07dad](https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.\n",
"id": "GHSA-84jm-4cf3-9jfm",
"modified": "2022-09-19T19:27:43Z",
"published": "2022-09-16T22:13:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35963"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`"
}
GHSA-87X6-PX5F-H23M
Vulnerability from github – Published: 2026-02-13 06:30 – Updated: 2026-03-02 18:31A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
{
"affected": [],
"aliases": [
"CVE-2025-48023"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-13T06:16:11Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier",
"id": "GHSA-87x6-px5f-h23m",
"modified": "2026-03-02T18:31:39Z",
"published": "2026-02-13T06:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48023"
},
{
"type": "WEB",
"url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-884X-P7QM-GQ3F
Vulnerability from github – Published: 2024-10-28 00:30 – Updated: 2024-10-30 21:30TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
{
"affected": [],
"aliases": [
"CVE-2024-50615"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-27T22:15:03Z",
"severity": "MODERATE"
},
"details": "TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.",
"id": "GHSA-884x-p7qm-gq3f",
"modified": "2024-10-30T21:30:38Z",
"published": "2024-10-28T00:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50615"
},
{
"type": "WEB",
"url": "https://github.com/leethomason/tinyxml2/issues/997"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.