CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-FF5W-PJXM-V3RR
Vulnerability from github – Published: 2026-01-23 18:31 – Updated: 2026-02-26 18:31In the Linux kernel, the following vulnerability has been resolved:
libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.
{
"affected": [],
"aliases": [
"CVE-2026-22990"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-23T16:15:55Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: replace overzealous BUG_ON in osdmap_apply_incremental()\n\nIf the osdmap is (maliciously) corrupted such that the incremental\nosdmap epoch is different from what is expected, there is no need to\nBUG. Instead, just declare the incremental osdmap to be invalid.",
"id": "GHSA-ff5w-pjxm-v3rr",
"modified": "2026-02-26T18:31:35Z",
"published": "2026-01-23T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22990"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b106fbb1c7b841cd402abd83eb2447164c799ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6348d70af847b79805374fe628d3809a63fd7df3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6afd2a4213524bc742b709599a3663aeaf77193c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6c6cec3db3b418c4fdf815731bc39e46dff75e1b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9aa0b0c14cefece078286d78b97d4c09685e372d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d3613770e2677683e65d062da5e31f48c409abe9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FFJ7-8WCX-CPRG
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-08-16 00:00In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
{
"affected": [],
"aliases": [
"CVE-2020-16092"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-11T16:15:00Z",
"severity": "MODERATE"
},
"details": "In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.",
"id": "GHSA-ffj7-8wcx-cprg",
"modified": "2022-08-16T00:00:44Z",
"published": "2022-05-24T17:25:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16092"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200821-0006"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4467-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/08/10/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FFJG-532Q-8RR8
Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-09-24 21:30In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix transaction atomicity bug when enabling simple quotas
Set squota incompat bit before committing the transaction that enables the feature.
With the config CONFIG_BTRFS_ASSERT enabled, an assertion failure occurs regarding the simple quota feature.
[5.596534] assertion failed: btrfs_fs_incompat(fs_info, SIMPLE_QUOTA), in fs/btrfs/qgroup.c:365 [5.597098] ------------[ cut here ]------------ [5.597371] kernel BUG at fs/btrfs/qgroup.c:365! [5.597946] CPU: 1 UID: 0 PID: 268 Comm: mount Not tainted 6.13.0-rc2-00031-gf92f4749861b #146 [5.598450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [5.599008] RIP: 0010:btrfs_read_qgroup_config+0x74d/0x7a0 [5.604303] [5.605230] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.605538] ? exc_invalid_op+0x56/0x70 [5.605775] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.606066] ? asm_exc_invalid_op+0x1f/0x30 [5.606441] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.606741] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.607038] ? try_to_wake_up+0x317/0x760 [5.607286] open_ctree+0xd9c/0x1710 [5.607509] btrfs_get_tree+0x58a/0x7e0 [5.608002] vfs_get_tree+0x2e/0x100 [5.608224] fc_mount+0x16/0x60 [5.608420] btrfs_get_tree+0x2f8/0x7e0 [5.608897] vfs_get_tree+0x2e/0x100 [5.609121] path_mount+0x4c8/0xbc0 [5.609538] __x64_sys_mount+0x10d/0x150
The issue can be easily reproduced using the following reproducer:
root@q:linux# cat repro.sh set -e
mkfs.btrfs -q -f /dev/sdb mount /dev/sdb /mnt/btrfs btrfs quota enable -s /mnt/btrfs umount /mnt/btrfs mount /dev/sdb /mnt/btrfs
The issue is that when enabling quotas, at btrfs_quota_enable(), we set BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE at fs_info->qgroup_flags and persist it in the quota root in the item with the key BTRFS_QGROUP_STATUS_KEY, but we only set the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA after we commit the transaction used to enable simple quotas.
This means that if after that transaction commit we unmount the filesystem without starting and committing any other transaction, or we have a power failure, the next time we mount the filesystem we will find the flag BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE set in the item with the key BTRFS_QGROUP_STATUS_KEY but we will not find the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA set in the superblock, triggering an assertion failure at:
btrfs_read_qgroup_config() -> qgroup_read_enable_gen()
To fix this issue, set the BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA flag immediately after setting the BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE. This ensures that both flags are flushed to disk within the same transaction.
{
"affected": [],
"aliases": [
"CVE-2024-57806"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-11T13:15:30Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix transaction atomicity bug when enabling simple quotas\n\nSet squota incompat bit before committing the transaction that enables\nthe feature.\n\nWith the config CONFIG_BTRFS_ASSERT enabled, an assertion\nfailure occurs regarding the simple quota feature.\n\n [5.596534] assertion failed: btrfs_fs_incompat(fs_info, SIMPLE_QUOTA), in fs/btrfs/qgroup.c:365\n [5.597098] ------------[ cut here ]------------\n [5.597371] kernel BUG at fs/btrfs/qgroup.c:365!\n [5.597946] CPU: 1 UID: 0 PID: 268 Comm: mount Not tainted 6.13.0-rc2-00031-gf92f4749861b #146\n [5.598450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n [5.599008] RIP: 0010:btrfs_read_qgroup_config+0x74d/0x7a0\n [5.604303] \u003cTASK\u003e\n [5.605230] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.605538] ? exc_invalid_op+0x56/0x70\n [5.605775] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.606066] ? asm_exc_invalid_op+0x1f/0x30\n [5.606441] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.606741] ? btrfs_read_qgroup_config+0x74d/0x7a0\n [5.607038] ? try_to_wake_up+0x317/0x760\n [5.607286] open_ctree+0xd9c/0x1710\n [5.607509] btrfs_get_tree+0x58a/0x7e0\n [5.608002] vfs_get_tree+0x2e/0x100\n [5.608224] fc_mount+0x16/0x60\n [5.608420] btrfs_get_tree+0x2f8/0x7e0\n [5.608897] vfs_get_tree+0x2e/0x100\n [5.609121] path_mount+0x4c8/0xbc0\n [5.609538] __x64_sys_mount+0x10d/0x150\n\nThe issue can be easily reproduced using the following reproducer:\n\n root@q:linux# cat repro.sh\n set -e\n\n mkfs.btrfs -q -f /dev/sdb\n mount /dev/sdb /mnt/btrfs\n btrfs quota enable -s /mnt/btrfs\n umount /mnt/btrfs\n mount /dev/sdb /mnt/btrfs\n\nThe issue is that when enabling quotas, at btrfs_quota_enable(), we set\nBTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE at fs_info-\u003eqgroup_flags and persist\nit in the quota root in the item with the key BTRFS_QGROUP_STATUS_KEY, but\nwe only set the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA after we\ncommit the transaction used to enable simple quotas.\n\nThis means that if after that transaction commit we unmount the filesystem\nwithout starting and committing any other transaction, or we have a power\nfailure, the next time we mount the filesystem we will find the flag\nBTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE set in the item with the key\nBTRFS_QGROUP_STATUS_KEY but we will not find the incompat bit\nBTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA set in the superblock, triggering an\nassertion failure at:\n\n btrfs_read_qgroup_config() -\u003e qgroup_read_enable_gen()\n\nTo fix this issue, set the BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA flag\nimmediately after setting the BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE.\nThis ensures that both flags are flushed to disk within the same\ntransaction.",
"id": "GHSA-ffjg-532q-8rr8",
"modified": "2025-09-24T21:30:31Z",
"published": "2025-01-11T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57806"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b87c9b9ba05ba6e8e2ee9ecd29a8c930b35648ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2363e6fcc7938c5f0f6ac066fad0dd247598b51"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FG2P-G438-RJR4
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-36691"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-30T20:15:00Z",
"severity": "HIGH"
},
"details": "libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.",
"id": "GHSA-fg2p-g438-rjr4",
"modified": "2022-05-24T19:12:25Z",
"published": "2022-05-24T19:12:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36691"
},
{
"type": "WEB",
"url": "https://github.com/libjxl/libjxl/issues/422"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FG3F-MXC7-MXH6
Vulnerability from github – Published: 2022-01-28 00:01 – Updated: 2022-02-03 00:00There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0.
{
"affected": [],
"aliases": [
"CVE-2021-46504"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-27T21:15:00Z",
"severity": "MODERATE"
},
"details": "There is an Assertion \u0027vp != resPtr\u0027 failed at jsiEval.c in Jsish v3.5.0.",
"id": "GHSA-fg3f-mxc7-mxh6",
"modified": "2022-02-03T00:00:33Z",
"published": "2022-01-28T00:01:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46504"
},
{
"type": "WEB",
"url": "https://github.com/pcmacdon/jsish/issues/51"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FG7C-83G8-7VG3
Vulnerability from github – Published: 2026-02-02 09:30 – Updated: 2026-02-03 00:30In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.
{
"affected": [],
"aliases": [
"CVE-2026-20405"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-02T09:15:55Z",
"severity": "HIGH"
},
"details": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.",
"id": "GHSA-fg7c-83g8-7vg3",
"modified": "2026-02-03T00:30:18Z",
"published": "2026-02-02T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20405"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FGJW-5P88-VMRP
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-13132"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-23T03:29:00Z",
"severity": "MODERATE"
},
"details": "In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the \"dump uncompressed PseudoColor packets\" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.",
"id": "GHSA-fgjw-5p88-vmrp",
"modified": "2022-05-13T01:43:02Z",
"published": "2022-05-13T01:43:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13132"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/674"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100458"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FH54-998J-J424
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2025-11-03 21:30An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
{
"affected": [],
"aliases": [
"CVE-2022-37051"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:23Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.",
"id": "GHSA-fh54-998j-j424",
"modified": "2025-11-03T21:30:53Z",
"published": "2023-08-22T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37051"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FH6G-C662-CCCM
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary.
{
"affected": [],
"aliases": [
"CVE-2018-17231"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-19T22:29:00Z",
"severity": "HIGH"
},
"details": "** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an \"Edit color palette\" search that triggers an \"index out of range\" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary.",
"id": "GHSA-fh6g-c662-cccm",
"modified": "2022-05-13T01:50:32Z",
"published": "2022-05-13T01:50:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17231"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2018/09/19/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FH6R-7J2F-PMW4
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2024-04-04 02:55In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
{
"affected": [],
"aliases": [
"CVE-2020-8622"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-21T21:15:00Z",
"severity": "MODERATE"
},
"details": "In BIND 9.0.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.",
"id": "GHSA-fh6r-7j2f-pmw4",
"modified": "2024-04-04T02:55:50Z",
"published": "2022-05-24T17:26:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8622"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2020-8622"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200827-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4468-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4468-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.