CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-9RMP-2568-59RV
Vulnerability from github – Published: 2024-12-05 17:30 – Updated: 2025-12-26 16:30During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data.
Impact
When processing malformed input, rpgp can run into Rust panics which halt the program.
This can happen in the following scenarios:
* Parsing OpenPGP messages from binary or armor format
* Decrypting OpenPGP messages via decrypt_with_password()
* Parsing or converting public keys
* Parsing signed cleartext messages from armor format
* Using malformed private keys to sign or encrypt
Given the affected components, we consider most attack vectors to be reachable by remote attackers during typical use cases of the rpgp library. The attack complexity is low since the malformed messages are generic, short, and require no victim-specific knowledge.
The result is a denial-of-service impact via program termination. There is no impact to confidentiality or integrity security properties.
Versions and Patches
All recent versions are affected by at least some of the above mentioned issues.
The vulnerabilities have been fixed with version 0.14.1. We recommend all users to upgrade to this version.
References
The security audit was made possible by the NLnet Foundation NGI Zero Core grant program for rpgp.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pgp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-53856"
],
"database_specific": {
"cwe_ids": [
"CWE-130",
"CWE-248",
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-05T17:30:52Z",
"nvd_published_at": "2024-12-05T16:15:26Z",
"severity": "HIGH"
},
"details": "During a security audit, [Radically Open Security](https://www.radicallyopensecurity.com/) discovered several reachable edge cases which allow an attacker to trigger `rpgp` crashes by providing crafted data.\n\n### Impact\nWhen processing malformed input, `rpgp` can run into Rust panics which halt the program.\n\nThis can happen in the following scenarios:\n* Parsing OpenPGP messages from binary or armor format\n* Decrypting OpenPGP messages via `decrypt_with_password()`\n* Parsing or converting public keys\n* Parsing signed cleartext messages from armor format\n* Using malformed private keys to sign or encrypt\n\nGiven the affected components, we consider most attack vectors to be reachable by remote attackers during typical use cases of the `rpgp` library. The attack complexity is low since the malformed messages are generic, short, and require no victim-specific knowledge.\n\nThe result is a denial-of-service impact via program termination. There is no impact to confidentiality or integrity security properties.\n\n### Versions and Patches\nAll recent versions are affected by at least some of the above mentioned issues. \n\nThe vulnerabilities have been fixed with version `0.14.1`. We recommend all users to upgrade to this version.\n\n### References\n\n\nThe security audit was made possible by the [NLnet Foundation NGI Zero Core](https://nlnet.nl/core/) grant program [for rpgp](https://nlnet.nl/project/rPGP-cryptorefresh/).",
"id": "GHSA-9rmp-2568-59rv",
"modified": "2025-12-26T16:30:25Z",
"published": "2024-12-05T17:30:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53856"
},
{
"type": "PACKAGE",
"url": "https://github.com/rpgp/rpgp"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0447.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "rPGP Panics on Malformed Untrusted Input"
}
GHSA-9RMR-PW3X-X887
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 21:31A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an Emergency Number List Information Element.
{
"affected": [],
"aliases": [
"CVE-2023-37024"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T23:15:09Z",
"severity": "HIGH"
},
"details": "A reachable assertion in the Mobile Management Entity (MME) of Magma versions \u003c= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element.",
"id": "GHSA-9rmr-pw3x-x887",
"modified": "2025-01-23T21:31:51Z",
"published": "2025-01-22T00:33:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37024"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9RVG-45QW-FJJR
Vulnerability from github – Published: 2026-06-01 18:31 – Updated: 2026-06-01 21:30FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process (port 36421) by sending two E2_SETUP_REQUESTs with the same E2 node configuration, triggering SIGABRT.
{
"affected": [],
"aliases": [
"CVE-2026-37224"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T17:16:58Z",
"severity": "HIGH"
},
"details": "FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process (port 36421) by sending two E2_SETUP_REQUESTs with the same E2 node configuration, triggering SIGABRT.",
"id": "GHSA-9rvg-45qw-fjjr",
"modified": "2026-06-01T21:30:41Z",
"published": "2026-06-01T18:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37224"
},
{
"type": "WEB",
"url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37224.md"
},
{
"type": "WEB",
"url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9V8W-XMR4-WGXP
Vulnerability from github – Published: 2022-09-16 22:14 – Updated: 2022-09-19 19:53Impact
When TensorListFromTensor receives an element_shape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack.
import tensorflow as tf
arg_0=tf.random.uniform(shape=(6, 6, 2), dtype=tf.bfloat16, maxval=None)
arg_1=tf.random.uniform(shape=(6, 9, 1, 3), dtype=tf.int64, maxval=65536)
arg_2=''
tf.raw_ops.TensorListFromTensor(tensor=arg_0, element_shape=arg_1, name=arg_2)
Patches
We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35992"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T22:14:20Z",
"nvd_published_at": "2022-09-16T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(6, 6, 2), dtype=tf.bfloat16, maxval=None)\narg_1=tf.random.uniform(shape=(6, 9, 1, 3), dtype=tf.int64, maxval=65536)\narg_2=\u0027\u0027\ntf.raw_ops.TensorListFromTensor(tensor=arg_0, element_shape=arg_1, name=arg_2)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [3db59a042a38f4338aa207922fa2f476e000a6ee](https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by \u5218\u529b\u6e90, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n",
"id": "GHSA-9v8w-xmr4-wgxp",
"modified": "2022-09-19T19:53:42Z",
"published": "2022-09-16T22:14:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35992"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/3db59a042a38f4338aa207922fa2f476e000a6ee"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`"
}
GHSA-9V99-6QCM-J8G8
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:33Assertion occurs while processing Reconfiguration message due to improper validation
{
"affected": [],
"aliases": [
"CVE-2022-22060"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:09Z",
"severity": "HIGH"
},
"details": "Assertion occurs while processing Reconfiguration message due to improper validation",
"id": "GHSA-9v99-6qcm-j8g8",
"modified": "2024-04-04T04:33:32Z",
"published": "2023-06-06T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22060"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9VGR-6GPQ-2RJ5
Vulnerability from github – Published: 2025-01-08 18:30 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace.
{
"affected": [],
"aliases": [
"CVE-2024-56783"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-08T18:15:19Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level\n\ncgroup maximum depth is INT_MAX by default, there is a cgroup toggle to\nrestrict this maximum depth to a more reasonable value not to harm\nperformance. Remove unnecessary WARN_ON_ONCE which is reachable from\nuserspace.",
"id": "GHSA-9vgr-6gpq-2rj5",
"modified": "2025-11-03T21:32:06Z",
"published": "2025-01-08T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56783"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f9bec0a749eb646b384fde0c7b7c24687b2ffae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7064a6daa4a700a298fe3aee11dea296bfe59fc4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7529880cb961d515642ce63f9d7570869bbbdc3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e227c042580ab065edc610c9ddc9bea691e6fc4d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9VJ3-C3F5-QHQX
Vulnerability from github – Published: 2025-09-11 18:35 – Updated: 2025-11-25 21:32In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: HWS, fix complex rules rehash error flow
Moving rules from matcher to matcher should not fail. However, if it does fail due to various reasons, the error flow should allow the kernel to continue functioning (albeit with broken steering rules) instead of going into series of soft lock-ups or some other problematic behaviour.
Similar to the simple rules, complex rules rehash logic suffers from the same problems. This patch fixes the error flow for moving complex rules: - If new rule creation fails before it was even enqeued, do not poll for completion - If TIMEOUT happened while moving the rule, no point trying to poll for completions for other rules. Something is broken, completion won't come, just abort the rehash sequence. - If some other completion with error received, don't give up. Continue handling rest of the rules to minimize the damage. - Make sure that the first error code that was received will be actually returned to the caller instead of replacing it with the generic error code.
All the aforementioned issues stem from the same bad error flow, so no point fixing them one by one and leaving partially broken code - fixing them in one patch.
{
"affected": [],
"aliases": [
"CVE-2025-39768"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-11T17:15:42Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, fix complex rules rehash error flow\n\nMoving rules from matcher to matcher should not fail.\nHowever, if it does fail due to various reasons, the error flow\nshould allow the kernel to continue functioning (albeit with broken\nsteering rules) instead of going into series of soft lock-ups or\nsome other problematic behaviour.\n\nSimilar to the simple rules, complex rules rehash logic suffers\nfrom the same problems. This patch fixes the error flow for moving\ncomplex rules:\n - If new rule creation fails before it was even enqeued, do not\n poll for completion\n - If TIMEOUT happened while moving the rule, no point trying\n to poll for completions for other rules. Something is broken,\n completion won\u0027t come, just abort the rehash sequence.\n - If some other completion with error received, don\u0027t give up.\n Continue handling rest of the rules to minimize the damage.\n - Make sure that the first error code that was received will\n be actually returned to the caller instead of replacing it\n with the generic error code.\n\nAll the aforementioned issues stem from the same bad error flow,\nso no point fixing them one by one and leaving partially broken\ncode - fixing them in one patch.",
"id": "GHSA-9vj3-c3f5-qhqx",
"modified": "2025-11-25T21:32:04Z",
"published": "2025-09-11T18:35:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39768"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/37d54bc28d092bc3b314da45d730f00e9d86ec2a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a842b1bf18a32ee0c25dd6dd98728b786a76fe4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9VQJ-64PV-W55C
Vulnerability from github – Published: 2022-09-16 22:28 – Updated: 2022-09-19 19:38Impact
When tf.linalg.matrix_rank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
a = tf.constant([], shape=[0, 1, 1], dtype=tf.float32)
tf.linalg.matrix_rank(a=a)
Patches
We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35988"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T22:28:41Z",
"nvd_published_at": "2022-09-16T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\na = tf.constant([], shape=[0, 1, 1], dtype=tf.float32)\ntf.linalg.matrix_rank(a=a)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a](https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Kang Hong Jin.\n",
"id": "GHSA-9vqj-64pv-w55c",
"modified": "2022-09-19T19:38:15Z",
"published": "2022-09-16T22:28:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35988"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`"
}
GHSA-9VRP-VJF9-XH3R
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.
{
"affected": [],
"aliases": [
"CVE-2020-23310"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-10T23:15:00Z",
"severity": "HIGH"
},
"details": "There is an Assertion \u0027context_p-\u003enext_scanner_info_p-\u003etype == SCANNER_TYPE_FUNCTION\u0027 failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.",
"id": "GHSA-9vrp-vjf9-xh3r",
"modified": "2022-05-24T19:05:14Z",
"published": "2022-05-24T19:05:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23310"
},
{
"type": "WEB",
"url": "https://github.com/jerryscript-project/jerryscript/issues/3821"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9WJ8-JC24-2M5J
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
{
"affected": [],
"aliases": [
"CVE-2020-11280"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-22T07:15:00Z",
"severity": "HIGH"
},
"details": "Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
"id": "GHSA-9wj8-jc24-2m5j",
"modified": "2022-05-24T17:42:47Z",
"published": "2022-05-24T17:42:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11280"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.