CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
990 vulnerabilities reference this CWE, most recent first.
GHSA-F395-X2GF-VH84
Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-03 09:33In the Linux kernel, the following vulnerability has been resolved:
crypto: tegra - Add missing CRYPTO_ALG_ASYNC
The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This causes crashes (at least). Fix this by adding the flag like what the other drivers do. Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just get ignored and overridden by the registration function anyway.
{
"affected": [],
"aliases": [
"CVE-2026-31739"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T15:16:36Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: tegra - Add missing CRYPTO_ALG_ASYNC\n\nThe tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its\nasynchronous algorithms, causing the crypto API to select them for users\nthat request only synchronous algorithms. This causes crashes (at\nleast). Fix this by adding the flag like what the other drivers do.\nAlso remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just\nget ignored and overridden by the registration function anyway.",
"id": "GHSA-f395-x2gf-vh84",
"modified": "2026-05-03T09:33:10Z",
"published": "2026-05-01T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31739"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3aea268b6d5cde3b087df9eeecc3bc620aa09513"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/429d05565eb19ee545d8a8395991372adbe4daf3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b56770d345524fc2acc143a2b85539cf7d74bc1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bdbf027a4504b4a86740de6beb6d18a957331839"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F4CF-2W52-C853
Vulnerability from github – Published: 2024-05-06 21:30 – Updated: 2026-05-12 12:31nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
{
"affected": [],
"aliases": [
"CVE-2024-33601"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-06T20:15:11Z",
"severity": "HIGH"
},
"details": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.",
"id": "GHSA-f4cf-2w52-c853",
"modified": "2026-05-12T12:31:45Z",
"published": "2024-05-06T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33601"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240524-0014"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F4HC-RVH5-8PHV
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
{
"affected": [],
"aliases": [
"CVE-2018-20217"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-26T21:29:00Z",
"severity": "MODERATE"
},
"details": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.",
"id": "GHSA-f4hc-rvh5-8phv",
"modified": "2022-05-13T01:05:39Z",
"published": "2022-05-13T01:05:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20217"
},
{
"type": "WEB",
"url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190416-0006"
},
{
"type": "WEB",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F4W6-H4F5-WX45
Vulnerability from github – Published: 2022-09-16 20:56 – Updated: 2022-09-19 19:50Impact
The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:
import tensorflow as tf
tf.reshape(tensor=[[1]],shape=tf.constant([0 for i in range(255)], dtype=tf.int64))
This is another instance of TFSA-2021-198 (https://github.com/advisories/GHSA-prcg-wp5q-rv7p).
Patches
We have patched the issue in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin from Singapore Management University.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35934"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T20:56:02Z",
"nvd_published_at": "2022-09-16T20:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:\n```python\nimport tensorflow as tf\n\ntf.reshape(tensor=[[1]],shape=tf.constant([0 for i in range(255)], dtype=tf.int64))\n```\nThis is another instance of [TFSA-2021-198](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md) (https://github.com/advisories/GHSA-prcg-wp5q-rv7p).\n\n### Patches\nWe have patched the issue in GitHub commit [61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555](https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Kang Hong Jin from Singapore Management University.\n",
"id": "GHSA-f4w6-h4f5-wx45",
"modified": "2022-09-19T19:50:23Z",
"published": "2022-09-16T20:56:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35934"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows"
}
GHSA-F6GF-3CJ7-46VV
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. A patch should be applied to remediate this issue.
{
"affected": [],
"aliases": [
"CVE-2026-9501"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-25T21:16:35Z",
"severity": "LOW"
},
"details": "A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. A patch should be applied to remediate this issue.",
"id": "GHSA-f6gf-3cj7-46vv",
"modified": "2026-05-26T13:30:51Z",
"published": "2026-05-26T13:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9501"
},
{
"type": "WEB",
"url": "https://github.com/LibreDWG/libredwg/issues/1242"
},
{
"type": "WEB",
"url": "https://github.com/LibreDWG/libredwg/commit/e501cb9926c1e9a07a0d1cc997f3e69e9be801c9"
},
{
"type": "WEB",
"url": "https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_assert_fail_decompress_R2004_section.dwg"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/814250"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/365483"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/365483/cti"
},
{
"type": "WEB",
"url": "https://www.gnu.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F6PX-4W9C-RJ4F
Vulnerability from github – Published: 2026-07-15 00:31 – Updated: 2026-07-15 15:32A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic (emberAfLevelControlClusterServerTickCallback). When a MoveToLevel command is executed and followed by a conflicting write to the OperationMode attribute (in the Pump Configuration and Control cluster), an invariant check (minLevel < currentLevel) fails and causes the device to abort. This leads to a denial of service condition. The issue is confirmed in SDK versions 1.3 and 1.4 (commit ab3d5ae), and is triggered remotely without authentication.
{
"affected": [],
"aliases": [
"CVE-2025-56361"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T22:16:50Z",
"severity": "HIGH"
},
"details": "A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) 1.3 thru 1.4, specifically within the Level Control cluster\u0027s server tick logic (`emberAfLevelControlClusterServerTickCallback`). When a MoveToLevel command is executed and followed by a conflicting write to the OperationMode attribute (in the Pump Configuration and Control cluster), an invariant check (`minLevel \u003c currentLevel`) fails and causes the device to abort. This leads to a denial of service condition. The issue is confirmed in SDK versions 1.3 and 1.4 (commit ab3d5ae), and is triggered remotely without authentication.",
"id": "GHSA-f6px-4w9c-rj4f",
"modified": "2026-07-15T15:32:59Z",
"published": "2026-07-15T00:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56361"
},
{
"type": "WEB",
"url": "https://github.com/project-chip/connectedhomeip/issues/38619"
},
{
"type": "WEB",
"url": "https://github.com/project-chip/connectedhomeip"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F72G-C5HF-789V
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-21778"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-25T19:15:00Z",
"severity": "HIGH"
},
"details": "A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability.",
"id": "GHSA-f72g-c5hf-789v",
"modified": "2022-05-24T19:12:11Z",
"published": "2022-05-24T19:12:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21778"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1236"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F7JC-5GW7-PHRF
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
{
"affected": [],
"aliases": [
"CVE-2017-17432"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-06T00:29:00Z",
"severity": "HIGH"
},
"details": "OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.",
"id": "GHSA-f7jc-5gw7-phrf",
"modified": "2022-05-13T01:44:24Z",
"published": "2022-05-13T01:44:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17432"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/883602"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4067"
},
{
"type": "WEB",
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F82F-54FM-GRWM
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
{
"affected": [],
"aliases": [
"CVE-2021-20272"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-09T14:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.",
"id": "GHSA-f82f-54fm-grwm",
"modified": "2022-05-24T17:43:53Z",
"published": "2022-05-24T17:43:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20272"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"type": "WEB",
"url": "https://www.privoxy.org/announce.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F8C8-333M-6M26
Vulnerability from github – Published: 2023-07-14 00:30 – Updated: 2024-04-04 06:07libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2023-37836"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-13T23:15:11Z",
"severity": "MODERATE"
},
"details": "libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.",
"id": "GHSA-f8c8-333m-6m26",
"modified": "2024-04-04T06:07:49Z",
"published": "2023-07-14T00:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37836"
},
{
"type": "WEB",
"url": "https://github.com/thorfdbg/libjpeg/issues/87#BUG1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.