CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-H7FF-CFC9-WMMH
Vulnerability from github – Published: 2022-09-16 22:15 – Updated: 2022-09-19 19:51Impact
When tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack.
import tensorflow as tf
arg_0=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
arg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
arg_2=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
arg_3=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)
arg_4=8
arg_5=False
arg_6=None
tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient(gradients=arg_0,
inputs=arg_1, min=arg_2, max=arg_3, num_bits=arg_4,
narrow_range=arg_5, name=arg_6)
Patches
We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by - 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology - Neophytos Christou, Secure Systems Labs, Brown University
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35990"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T22:15:21Z",
"nvd_published_at": "2022-09-16T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack.\n```python\nimport tensorflow as tf\narg_0=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_1=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_2=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_3=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)\narg_4=8\narg_5=False\narg_6=None\ntf.quantization.fake_quant_with_min_max_vars_per_channel_gradient(gradients=arg_0, \n inputs=arg_1, min=arg_2, max=arg_3, num_bits=arg_4, \n narrow_range=arg_5, name=arg_6)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [f3cf67ac5705f4f04721d15e485e192bb319feed](https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by \n - \u5218\u529b\u6e90, Information System \u0026 Security and Countermeasures Experiments Center, Beijing Institute of Technology\n - Neophytos Christou, Secure Systems Labs, Brown University\n",
"id": "GHSA-h7ff-cfc9-wmmh",
"modified": "2022-09-19T19:51:34Z",
"published": "2022-09-16T22:15:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35990"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": " TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`"
}
GHSA-H9CC-W26M-J342
Vulnerability from github – Published: 2026-05-21 19:45 – Updated: 2026-06-10 13:41Impact
A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in keys/src/multisig/mod.rs called .unwrap() on curve point decompression, which panics when a public key is
constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Ed25519PublicKey construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the
hosting process.
A secondary panic existed in Commitment::From<[u8; 32]>, which similarly called .unwrap() on a failing curve point decompression.
Who is affected: Browser and desktop wallet users of the web-client WASM library and the nimiq-wallet crate, when initiating a multisig operation with an attacker-supplied public key. An attacker must convince the user to include
a crafted public key in a multisig setup — this is not a remotely triggerable node/validator crash.
Who is NOT affected: Validator nodes, consensus, blockchain, mempool, and networking code. There is no on-chain multisig account type; multisig is a purely client-side construct, and no validator/consensus code calls the multisig delinearization path.
Patches
See PR.
Workarounds
No code-level workaround exists short of the patch. Users of wallet applications can mitigate exposure by only performing multisig operations with public keys received from trusted sources.
Resources
- Affected code:
keys/src/multisig/mod.rs,keys/src/multisig/commitment.rs
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "nimiq-keys"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46542"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-21T19:45:08Z",
"nvd_published_at": "2026-06-10T00:16:54Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. `Ed25519PublicKey::delinearize()` in `keys/src/multisig/mod.rs` called `.unwrap()` on curve point decompression, which panics when a public key is\nconstructed from 32 bytes that do not represent a valid point on the Ed25519 curve. `Ed25519PublicKey` construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the\nhosting process.\n\nA secondary panic existed in `Commitment::From\u003c[u8; 32]\u003e`, which similarly called `.unwrap()` on a failing curve point decompression.\n\n**Who is affected:** Browser and desktop wallet users of the web-client WASM library and the `nimiq-wallet` crate, when initiating a multisig operation with an attacker-supplied public key. An attacker must convince the user to include\na crafted public key in a multisig setup \u2014 this is not a remotely triggerable node/validator crash.\n\n**Who is NOT affected:** Validator nodes, consensus, blockchain, mempool, and networking code. There is no on-chain multisig account type; multisig is a purely client-side construct, and no validator/consensus code calls the multisig delinearization path.\n\n### Patches\n\nSee [PR](https://github.com/nimiq/core-rs-albatross/pull/3713).\n\n### Workarounds\n\nNo code-level workaround exists short of the patch. Users of wallet applications can mitigate exposure by only performing multisig operations with public keys received from trusted sources.\n\n### Resources\n- Affected code: `keys/src/multisig/mod.rs`, `keys/src/multisig/commitment.rs`",
"id": "GHSA-h9cc-w26m-j342",
"modified": "2026-06-10T13:41:32Z",
"published": "2026-05-21T19:45:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-h9cc-w26m-j342"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46542"
},
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/pull/3713"
},
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/commit/3bc449a8138960c4de6bfd506bad1730c621d4de"
},
{
"type": "PACKAGE",
"url": "https://github.com/nimiq/core-rs-albatross"
},
{
"type": "WEB",
"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points"
}
GHSA-H9P5-352Q-GR22
Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-18 06:30Denial of service in MODEM due to reachable assertion in Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2022-25671"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-15T10:15:00Z",
"severity": "HIGH"
},
"details": "Denial of service in MODEM due to reachable assertion in Snapdragon Mobile",
"id": "GHSA-h9p5-352q-gr22",
"modified": "2022-11-18T06:30:35Z",
"published": "2022-11-15T12:00:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25671"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HC4X-FM75-Q3WC
Vulnerability from github – Published: 2024-07-12 15:31 – Updated: 2025-11-04 00:30In the Linux kernel, the following vulnerability has been resolved:
drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
Lack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap allows users to call mmap with PROT_WRITE and MAP_PRIVATE flag causing a kernel panic due to BUG_ON in vmf_insert_pfn_prot: BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags));
Return -EINVAL early if COW mapping is detected.
This bug affects all drm drivers using default shmem helpers. It can be reproduced by this simple example: void *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset); ptr[0] = 0;
{
"affected": [],
"aliases": [
"CVE-2024-39497"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-12T13:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)\n\nLack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap\nallows users to call mmap with PROT_WRITE and MAP_PRIVATE flag\ncausing a kernel panic due to BUG_ON in vmf_insert_pfn_prot:\nBUG_ON((vma-\u003evm_flags \u0026 VM_PFNMAP) \u0026\u0026 is_cow_mapping(vma-\u003evm_flags));\n\nReturn -EINVAL early if COW mapping is detected.\n\nThis bug affects all drm drivers using default shmem helpers.\nIt can be reproduced by this simple example:\nvoid *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset);\nptr[0] = 0;",
"id": "GHSA-hc4x-fm75-q3wc",
"modified": "2025-11-04T00:30:51Z",
"published": "2024-07-12T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39497"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03c71c42809ef4b17f5d874cdb2d3bf40e847b86"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b4a8b89bf6787090b56424d269bf84ba00c3263"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2219e5f97244b79c276751a1167615b9714db1b0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/39bc27bd688066a63e56f7f64ad34fae03fbe3b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3ae63a8c1685e16958560ec08d30defdc5b9cca0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a508a102edf8735adc9bb73d37dd13c38d1a1b10"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HCQG-278R-C3PP
Vulnerability from github – Published: 2025-02-19 00:31 – Updated: 2025-11-03 21:32A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
{
"affected": [],
"aliases": [
"CVE-2025-22919"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-18T23:15:10Z",
"severity": "MODERATE"
},
"details": "A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.",
"id": "GHSA-hcqg-278r-c3pp",
"modified": "2025-11-03T21:32:46Z",
"published": "2025-02-19T00:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22919"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00037.html"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/11385"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HF4Q-J72F-V9J9
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2017-12959"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-18T21:29:00Z",
"severity": "HIGH"
},
"details": "There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.",
"id": "GHSA-hf4q-j72f-v9j9",
"modified": "2022-05-13T01:42:48Z",
"published": "2022-05-13T01:42:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12959"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482432"
},
{
"type": "WEB",
"url": "https://savannah.gnu.org/forum/forum.php?forum_id=8936"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HGH6-R5P8-WCXJ
Vulnerability from github – Published: 2026-06-01 21:30 – Updated: 2026-06-02 15:32FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc < len) on the sctp_recvmsg() return value. A remote unauthenticated attacker can send a single SCTP message with payload >= 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP endpoint types (ports 36421 and 36422) share this vulnerable code path. In Release builds (NDEBUG), the stripped assertion leads to a signed-to-unsigned integer overflow and potential out-of-bounds read.
{
"affected": [],
"aliases": [
"CVE-2026-37228"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T19:16:33Z",
"severity": "HIGH"
},
"details": "FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc \u003c len) on the sctp_recvmsg() return value. A remote unauthenticated attacker can send a single SCTP message with payload \u003e= 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP endpoint types (ports 36421 and 36422) share this vulnerable code path. In Release builds (NDEBUG), the stripped assertion leads to a signed-to-unsigned integer overflow and potential out-of-bounds read.",
"id": "GHSA-hgh6-r5p8-wcxj",
"modified": "2026-06-02T15:32:01Z",
"published": "2026-06-01T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37228"
},
{
"type": "WEB",
"url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37228.md"
},
{
"type": "WEB",
"url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HGJC-F253-C7XH
Vulnerability from github – Published: 2025-08-06 09:30 – Updated: 2025-08-06 09:30Transient DOS while processing an ANQP message.
{
"affected": [],
"aliases": [
"CVE-2025-27066"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-06T08:15:29Z",
"severity": "HIGH"
},
"details": "Transient DOS while processing an ANQP message.",
"id": "GHSA-hgjc-f253-c7xh",
"modified": "2025-08-06T09:30:36Z",
"published": "2025-08-06T09:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27066"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HJ75-X8CX-FM4W
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.
{
"affected": [],
"aliases": [
"CVE-2019-14851"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-18T20:15:00Z",
"severity": "MODERATE"
},
"details": "A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.",
"id": "GHSA-hj75-x8cx-fm4w",
"modified": "2022-05-24T17:44:46Z",
"published": "2022-05-24T17:44:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14851"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757259"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HJC6-5P5C-W4WG
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00.
{
"affected": [],
"aliases": [
"CVE-2021-24029"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-15T22:15:00Z",
"severity": "HIGH"
},
"details": "A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00.",
"id": "GHSA-hjc6-5p5c-w4wg",
"modified": "2022-05-24T17:44:38Z",
"published": "2022-05-24T17:44:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24029"
},
{
"type": "WEB",
"url": "https://github.com/facebookincubator/mvfst/commit/a67083ff4b8dcbb7ee2839da6338032030d712b0"
},
{
"type": "WEB",
"url": "https://www.facebook.com/security/advisories/cve-2021-24029"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.