Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

989 vulnerabilities reference this CWE, most recent first.

GHSA-H7FF-CFC9-WMMH

Vulnerability from github – Published: 2022-09-16 22:15 – Updated: 2022-09-19 19:51
VLAI
Summary
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`
Details

Impact

When tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack.

import tensorflow as tf
arg_0=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
arg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
arg_2=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
arg_3=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
arg_4=8
arg_5=False
arg_6=None
tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient(gradients=arg_0, 
            inputs=arg_1, min=arg_2,  max=arg_3, num_bits=arg_4, 
            narrow_range=arg_5, name=arg_6)

Patches

We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed.

The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by - 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology - Neophytos Christou, Secure Systems Labs, Brown University

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-16T22:15:21Z",
    "nvd_published_at": "2022-09-16T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nWhen `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_2=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_3=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_4=8\narg_5=False\narg_6=None\ntf.quantization.fake_quant_with_min_max_vars_per_channel_gradient(gradients=arg_0, \n            inputs=arg_1, min=arg_2,  max=arg_3, num_bits=arg_4, \n            narrow_range=arg_5, name=arg_6)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [f3cf67ac5705f4f04721d15e485e192bb319feed](https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by \n - \u5218\u529b\u6e90, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology\n - Neophytos Christou, Secure Systems Labs, Brown University\n",
  "id": "GHSA-h7ff-cfc9-wmmh",
  "modified": "2022-09-19T19:51:34Z",
  "published": "2022-09-16T22:15:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35990"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": " TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`"
}

GHSA-H9CC-W26M-J342

Vulnerability from github – Published: 2026-05-21 19:45 – Updated: 2026-06-10 13:41
VLAI
Summary
nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
Details

Impact

A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in keys/src/multisig/mod.rs called .unwrap() on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Ed25519PublicKey construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the hosting process.

A secondary panic existed in Commitment::From<[u8; 32]>, which similarly called .unwrap() on a failing curve point decompression.

Who is affected: Browser and desktop wallet users of the web-client WASM library and the nimiq-wallet crate, when initiating a multisig operation with an attacker-supplied public key. An attacker must convince the user to include a crafted public key in a multisig setup — this is not a remotely triggerable node/validator crash.

Who is NOT affected: Validator nodes, consensus, blockchain, mempool, and networking code. There is no on-chain multisig account type; multisig is a purely client-side construct, and no validator/consensus code calls the multisig delinearization path.

Patches

See PR.

Workarounds

No code-level workaround exists short of the patch. Users of wallet applications can mitigate exposure by only performing multisig operations with public keys received from trusted sources.

Resources

  • Affected code: keys/src/multisig/mod.rs, keys/src/multisig/commitment.rs
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "nimiq-keys"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-21T19:45:08Z",
    "nvd_published_at": "2026-06-10T00:16:54Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. `Ed25519PublicKey::delinearize()` in `keys/src/multisig/mod.rs` called `.unwrap()` on curve point decompression, which panics when a public key is\nconstructed from 32 bytes that do not represent a valid point on the Ed25519 curve. `Ed25519PublicKey` construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the\nhosting process.\n\nA secondary panic existed in `Commitment::From\u003c[u8; 32]\u003e`, which similarly called `.unwrap()` on a failing curve point decompression.\n\n**Who is affected:** Browser and desktop wallet users of the web-client WASM library and the `nimiq-wallet` crate, when initiating a multisig operation with an attacker-supplied public key. An attacker must convince the user to include\na crafted public key in a multisig setup \u2014 this is not a remotely triggerable node/validator crash.\n\n**Who is NOT affected:** Validator nodes, consensus, blockchain, mempool, and networking code. There is no on-chain multisig account type; multisig is a purely client-side construct, and no validator/consensus code calls the multisig  delinearization path.\n\n### Patches\n\nSee [PR](https://github.com/nimiq/core-rs-albatross/pull/3713).\n\n### Workarounds\n\nNo code-level workaround exists short of the patch. Users of wallet applications can mitigate exposure by only performing multisig operations with public keys received from trusted sources.\n\n### Resources\n- Affected code: `keys/src/multisig/mod.rs`, `keys/src/multisig/commitment.rs`",
  "id": "GHSA-h9cc-w26m-j342",
  "modified": "2026-06-10T13:41:32Z",
  "published": "2026-05-21T19:45:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-h9cc-w26m-j342"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46542"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/pull/3713"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/commit/3bc449a8138960c4de6bfd506bad1730c621d4de"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nimiq/core-rs-albatross"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points"
}

GHSA-H9P5-352Q-GR22

Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-18 06:30
VLAI
Details

Denial of service in MODEM due to reachable assertion in Snapdragon Mobile

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25671"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-15T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Denial of service in MODEM due to reachable assertion in Snapdragon Mobile",
  "id": "GHSA-h9p5-352q-gr22",
  "modified": "2022-11-18T06:30:35Z",
  "published": "2022-11-15T12:00:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25671"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HC4X-FM75-Q3WC

Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)

Lack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap allows users to call mmap with PROT_WRITE and MAP_PRIVATE flag causing a kernel panic due to BUG_ON in vmf_insert_pfn_prot: BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags));

Return -EINVAL early if COW mapping is detected.

This bug affects all drm drivers using default shmem helpers. It can be reproduced by this simple example: void *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset); ptr[0] = 0;

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-12T13:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)\n\nLack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap\nallows users to call mmap with PROT_WRITE and MAP_PRIVATE flag\ncausing a kernel panic due to BUG_ON in vmf_insert_pfn_prot:\nBUG_ON((vma-\u003evm_flags \u0026 VM_PFNMAP) \u0026\u0026 is_cow_mapping(vma-\u003evm_flags));\n\nReturn -EINVAL early if COW mapping is detected.\n\nThis bug affects all drm drivers using default shmem helpers.\nIt can be reproduced by this simple example:\nvoid *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset);\nptr[0] = 0;",
  "id": "GHSA-hc4x-fm75-q3wc",
  "modified": "2025-11-04T00:30:51Z",
  "published": "2024-07-12T15:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39497"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03c71c42809ef4b17f5d874cdb2d3bf40e847b86"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b4a8b89bf6787090b56424d269bf84ba00c3263"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2219e5f97244b79c276751a1167615b9714db1b0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39bc27bd688066a63e56f7f64ad34fae03fbe3b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ae63a8c1685e16958560ec08d30defdc5b9cca0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a508a102edf8735adc9bb73d37dd13c38d1a1b10"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HCQG-278R-C3PP

Vulnerability from github – Published: 2025-02-19 00:31 – Updated: 2025-11-03 21:32
VLAI
Details

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-18T23:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.",
  "id": "GHSA-hcqg-278r-c3pp",
  "modified": "2025-11-03T21:32:46Z",
  "published": "2025-02-19T00:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22919"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "https://trac.ffmpeg.org/ticket/11385"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HF4Q-J72F-V9J9

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12959"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-18T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.",
  "id": "GHSA-hf4q-j72f-v9j9",
  "modified": "2022-05-13T01:42:48Z",
  "published": "2022-05-13T01:42:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12959"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482432"
    },
    {
      "type": "WEB",
      "url": "https://savannah.gnu.org/forum/forum.php?forum_id=8936"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HGH6-R5P8-WCXJ

Vulnerability from github – Published: 2026-06-01 21:30 – Updated: 2026-06-02 15:32
VLAI
Details

FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc < len) on the sctp_recvmsg() return value. A remote unauthenticated attacker can send a single SCTP message with payload >= 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP endpoint types (ports 36421 and 36422) share this vulnerable code path. In Release builds (NDEBUG), the stripped assertion leads to a signed-to-unsigned integer overflow and potential out-of-bounds read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-37228"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T19:16:33Z",
    "severity": "HIGH"
  },
  "details": "FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc \u003c len) on the sctp_recvmsg() return value. A remote unauthenticated attacker can send a single SCTP message with payload \u003e= 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP endpoint types (ports 36421 and 36422) share this vulnerable code path. In Release builds (NDEBUG), the stripped assertion leads to a signed-to-unsigned integer overflow and potential out-of-bounds read.",
  "id": "GHSA-hgh6-r5p8-wcxj",
  "modified": "2026-06-02T15:32:01Z",
  "published": "2026-06-01T21:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37228"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37228.md"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HGJC-F253-C7XH

Vulnerability from github – Published: 2025-08-06 09:30 – Updated: 2025-08-06 09:30
VLAI
Details

Transient DOS while processing an ANQP message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-06T08:15:29Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while processing an ANQP message.",
  "id": "GHSA-hgjc-f253-c7xh",
  "modified": "2025-08-06T09:30:36Z",
  "published": "2025-08-06T09:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27066"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJ75-X8CX-FM4W

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14851"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-18T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.",
  "id": "GHSA-hj75-x8cx-fm4w",
  "modified": "2022-05-24T17:44:46Z",
  "published": "2022-05-24T17:44:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14851"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757259"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HJC6-5P5C-W4WG

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-15T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00.",
  "id": "GHSA-hjc6-5p5c-w4wg",
  "modified": "2022-05-24T17:44:38Z",
  "published": "2022-05-24T17:44:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24029"
    },
    {
      "type": "WEB",
      "url": "https://github.com/facebookincubator/mvfst/commit/a67083ff4b8dcbb7ee2839da6338032030d712b0"
    },
    {
      "type": "WEB",
      "url": "https://www.facebook.com/security/advisories/cve-2021-24029"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.