Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

989 vulnerabilities reference this CWE, most recent first.

GHSA-88GH-WQJ4-3FXR

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-10-26 12:00
VLAI
Details

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-27T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.",
  "id": "GHSA-88gh-wqj4-3fxr",
  "modified": "2022-10-26T12:00:40Z",
  "published": "2022-05-24T19:03:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30501"
    },
    {
      "type": "WEB",
      "url": "https://github.com/upx/upx/issues/486"
    },
    {
      "type": "WEB",
      "url": "https://github.com/upx/upx/pull/487"
    },
    {
      "type": "WEB",
      "url": "https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948696"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88JR-VQF8-XRXX

Vulnerability from github – Published: 2025-01-06 06:30 – Updated: 2025-01-06 15:30
VLAI
Details

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T04:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.",
  "id": "GHSA-88jr-vqf8-xrxx",
  "modified": "2025-01-06T15:30:59Z",
  "published": "2025-01-06T06:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20152"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/January-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88PC-G4M6-PVHP

Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52
VLAI
Details

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-03T06:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the \"WebKit\" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.",
  "id": "GHSA-88pc-g4m6-pvhp",
  "modified": "2022-05-13T01:52:36Z",
  "published": "2022-05-13T01:52:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4113"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201808-04"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208693"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208694"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208695"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208696"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208697"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208698"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3635-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040604"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88V5-46C4-6CXW

Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2025-09-26 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ovl: support encoding fid from inode with no alias

Dmitry Safonov reported that a WARN_ON() assertion can be trigered by userspace when calling inotify_show_fdinfo() for an overlayfs watched inode, whose dentry aliases were discarded with drop_caches.

The WARN_ON() assertion in inotify_show_fdinfo() was removed, because it is possible for encoding file handle to fail for other reason, but the impact of failing to encode an overlayfs file handle goes beyond this assertion.

As shown in the LTP test case mentioned in the link below, failure to encode an overlayfs file handle from a non-aliased inode also leads to failure to report an fid with FAN_DELETE_SELF fanotify events.

As Dmitry notes in his analyzis of the problem, ovl_encode_fh() fails if it cannot find an alias for the inode, but this failure can be fixed. ovl_encode_fh() seldom uses the alias and in the case of non-decodable file handles, as is often the case with fanotify fid info, ovl_encode_fh() never needs to use the alias to encode a file handle.

Defer finding an alias until it is actually needed so ovl_encode_fh() will not fail in the common case of FAN_DELETE_SELF fanotify events.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-19T11:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: support encoding fid from inode with no alias\n\nDmitry Safonov reported that a WARN_ON() assertion can be trigered by\nuserspace when calling inotify_show_fdinfo() for an overlayfs watched\ninode, whose dentry aliases were discarded with drop_caches.\n\nThe WARN_ON() assertion in inotify_show_fdinfo() was removed, because\nit is possible for encoding file handle to fail for other reason, but\nthe impact of failing to encode an overlayfs file handle goes beyond\nthis assertion.\n\nAs shown in the LTP test case mentioned in the link below, failure to\nencode an overlayfs file handle from a non-aliased inode also leads to\nfailure to report an fid with FAN_DELETE_SELF fanotify events.\n\nAs Dmitry notes in his analyzis of the problem, ovl_encode_fh() fails\nif it cannot find an alias for the inode, but this failure can be fixed.\novl_encode_fh() seldom uses the alias and in the case of non-decodable\nfile handles, as is often the case with fanotify fid info,\novl_encode_fh() never needs to use the alias to encode a file handle.\n\nDefer finding an alias until it is actually needed so ovl_encode_fh()\nwill not fail in the common case of FAN_DELETE_SELF fanotify events.",
  "id": "GHSA-88v5-46c4-6cxw",
  "modified": "2025-09-26T21:30:27Z",
  "published": "2025-01-19T12:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21654"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c7c90274ae339e1ad443c9be1c67a20b80b9c76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/950b604384fd75d62e860bec7135b2b62eb4d508"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1a541fbfa7e97c1100144db34b57553d7164ce5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c45beebfde34aa71afbc48b2c54cdda623515037"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0c0ac84de17c37e6e84da65fb920f91dada55ad"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-89RJ-5GGJ-3P9P

Vulnerability from github – Published: 2021-10-12 22:03 – Updated: 2021-11-18 15:29
VLAI
Summary
Reachable Assertion in OpenCV.
Details

In OpenCV 3.3.1 (corresponds with OpenCV-Python 3.3.1.11), an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.3.1.11"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "opencv-python"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.1.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.3.1.11"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "opencv-contrib-python"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.1.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-5269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-07T19:49:56Z",
    "nvd_published_at": "2018-01-08T05:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In OpenCV 3.3.1 (corresponds with OpenCV-Python 3.3.1.11), an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.",
  "id": "GHSA-89rj-5ggj-3p9p",
  "modified": "2021-11-18T15:29:39Z",
  "published": "2021-10-12T22:03:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5269"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencv/opencv/issues/10540"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencv/opencv/pull/10563"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/opencv/opencv-python"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106945"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Reachable Assertion in OpenCV."
}

GHSA-8C82-XJ9X-MXGJ

Vulnerability from github – Published: 2024-01-23 09:30 – Updated: 2025-11-04 21:31
VLAI
Details

In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23850"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-23T09:15:36Z",
    "severity": "MODERATE"
  },
  "details": "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.",
  "id": "GHSA-8c82-xj9x-mxgj",
  "modified": "2025-11-04T21:31:04Z",
  "published": "2024-01-23T09:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23850"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/lkml/CALGdzuo6awWdau3X=8XK547x2vX_-VoFmH1aPsqosRTQ5WzJVA%40mail.gmail.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8CWF-CG6R-CRCF

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2025-04-20 03:50
VLAI
Details

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-20T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging \"full\" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.",
  "id": "GHSA-8cwf-cg6r-crcf",
  "modified": "2025-04-20T03:50:15Z",
  "published": "2022-05-13T01:44:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16818"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515872"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6VJA32U7HKGDRJQDJVM7JBYWD4T7BJL"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6VJA32U7HKGDRJQDJVM7JBYWD4T7BJL"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8F95-9VR9-HXF2

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2025-04-20 03:42
VLAI
Details

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-09T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.",
  "id": "GHSA-8f95-9vr9-hxf2",
  "modified": "2025-04-20T03:42:52Z",
  "published": "2022-05-13T01:28:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11368"
    },
    {
      "type": "WEB",
      "url": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0666"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100291"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8FQV-XW49-GH95

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-06-29 00:00
VLAI
Details

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20265"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-11T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.",
  "id": "GHSA-8fqv-xw49-gh95",
  "modified": "2022-06-29T00:00:30Z",
  "published": "2022-05-24T19:02:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20265"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2021/May/11"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8HPX-Q4CX-GFXW

Vulnerability from github – Published: 2025-01-29 00:31 – Updated: 2025-01-29 15:31
VLAI
Details

An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-617",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-28T23:15:08Z",
    "severity": "HIGH"
  },
  "details": "An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file.",
  "id": "GHSA-8hpx-q4cx-gfxw",
  "modified": "2025-01-29T15:31:34Z",
  "published": "2025-01-29T00:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57519"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/3635"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/commit/08b9e7c55f72649ef25b5407e7e4d938f0f16531"
    },
    {
      "type": "WEB",
      "url": "https://github.com/f4rs1ght/vuln-research/tree/main/CVE-2024-57519"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.