Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

989 vulnerabilities reference this CWE, most recent first.

GHSA-WCGQ-QMMC-WW44

Vulnerability from github – Published: 2023-03-16 15:30 – Updated: 2025-02-26 21:30
VLAI
Details

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27783"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-16T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.",
  "id": "GHSA-wcgq-qmmc-ww44",
  "modified": "2025-02-26T21:30:25Z",
  "published": "2023-03-16T15:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27783"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appneta/tcpreplay/issues/780"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appneta/tcpreplay/pull/781"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3ER3YTFR3XIDMYEB7LMFWFTPVQALBHC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UK2BRH3W3ECF5FDXP6QM3ZEDTHIOE4M5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WFGC-2F4P-CM5V

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08
VLAI
Details

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-21T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.",
  "id": "GHSA-wfgc-2f4p-cm5v",
  "modified": "2022-05-24T19:08:50Z",
  "published": "2022-05-24T19:08:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20262"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_ipsec/README.md"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2021/May/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WG72-V28C-7J5H

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.",
  "id": "GHSA-wg72-v28c-7j5h",
  "modified": "2022-05-24T17:40:17Z",
  "published": "2022-05-24T17:40:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36222"
    },
    {
      "type": "WEB",
      "url": "https://bugs.openldap.org/show_bug.cgi?id=9406"
    },
    {
      "type": "WEB",
      "url": "https://bugs.openldap.org/show_bug.cgi?id=9407"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa"
    },
    {
      "type": "WEB",
      "url": "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210226-0002"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212530"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212531"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4845"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/64"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/65"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGCP-6P65-QV57

Vulnerability from github – Published: 2022-05-20 00:00 – Updated: 2022-06-02 00:00
VLAI
Details

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-19T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -\u003e 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.",
  "id": "GHSA-wgcp-6p65-qv57",
  "modified": "2022-06-02T00:00:15Z",
  "published": "2022-05-20T00:00:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1183"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/docs/cve-2022-1183"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220707-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGCX-V4X6-3PP9

Vulnerability from github – Published: 2026-06-01 15:30 – Updated: 2026-06-01 18:31
VLAI
Details

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-37220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T15:16:34Z",
    "severity": "HIGH"
  },
  "details": "FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message.",
  "id": "GHSA-wgcx-v4x6-3pp9",
  "modified": "2026-06-01T18:31:48Z",
  "published": "2026-06-01T15:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37220"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37220.md"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eurecom.fr/mosaic5g/flexric"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGPJ-6X6J-FH7R

Vulnerability from github – Published: 2022-01-12 00:01 – Updated: 2022-12-15 21:30
VLAI
Details

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an Assertion `scaling_list_pred_matrix_id_delta==1\u0027 failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.",
  "id": "GHSA-wgpj-6x6j-fh7r",
  "modified": "2022-12-15T21:30:26Z",
  "published": "2022-01-12T00:01:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36409"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strukturag/libde265/issues/300"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5346"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHXF-QV83-4936

Vulnerability from github – Published: 2025-01-22 15:32 – Updated: 2025-01-29 00:31
VLAI
Details

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Handover Cancel message missing a required MME_UE_S1AP_ID field to repeatedly crash the MME, resulting in denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-22T15:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Open5GS MME versions \u003c= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Cancel` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service.",
  "id": "GHSA-whxf-qv83-4936",
  "modified": "2025-01-29T00:31:53Z",
  "published": "2025-01-22T15:32:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37007"
    },
    {
      "type": "WEB",
      "url": "https://cellularsecurity.org/ransacked"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJ4M-W3QM-XPCH

Vulnerability from github – Published: 2026-03-04 15:30 – Updated: 2026-06-02 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

romfs: check sb_set_blocksize() return value

romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if the requested block size is incompatible with the block device's configuration.

This can be triggered by setting a loop device's block size larger than PAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs filesystem on that device.

When sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the device has logical_block_size=32768, bdev_validate_blocksize() fails because the requested size is smaller than the device's logical block size. sb_set_blocksize() returns 0 (failure), but romfs ignores this and continues mounting.

The superblock's block size remains at the device's logical block size (32768). Later, when sb_bread() attempts I/O with this oversized block size, it triggers a kernel BUG in folio_set_bh():

kernel BUG at fs/buffer.c:1582!
BUG_ON(size > PAGE_SIZE);

Fix by checking the return value of sb_set_blocksize() and failing the mount with -EINVAL if it returns 0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T15:16:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nromfs: check sb_set_blocksize() return value\n\nromfs_fill_super() ignores the return value of sb_set_blocksize(), which\ncan fail if the requested block size is incompatible with the block\ndevice\u0027s configuration.\n\nThis can be triggered by setting a loop device\u0027s block size larger than\nPAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs\nfilesystem on that device.\n\nWhen sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the\ndevice has logical_block_size=32768, bdev_validate_blocksize() fails\nbecause the requested size is smaller than the device\u0027s logical block\nsize. sb_set_blocksize() returns 0 (failure), but romfs ignores this and\ncontinues mounting.\n\nThe superblock\u0027s block size remains at the device\u0027s logical block size\n(32768). Later, when sb_bread() attempts I/O with this oversized block\nsize, it triggers a kernel BUG in folio_set_bh():\n\n    kernel BUG at fs/buffer.c:1582!\n    BUG_ON(size \u003e PAGE_SIZE);\n\nFix by checking the return value of sb_set_blocksize() and failing the\nmount with -EINVAL if it returns 0.",
  "id": "GHSA-wj4m-w3qm-xpch",
  "modified": "2026-06-02T15:31:53Z",
  "published": "2026-03-04T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23238"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2c5829cd8fbbc91568c520b666898f57cdcb8cf6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b71ad7676564a94ec5f7d18298f51e8ae53db73"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b203b8ddd7359270e8a694d0584743555128e2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a381f0f61b35c8894b0bd0d6acef2d8f9b08b244"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab7ad7abb3660c58ffffdf07ff3bb976e7e0afa0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cbd9931e6456822067725354d83446c5bb813030"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2521ab1f63a8c244f06a080319e5ff9a2e1bd95"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJ8J-VMWR-JQC9

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2024-03-21 03:33
VLAI
Details

** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.”

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-05T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "** DISPUTED ** The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width \u003c= (1\u003c\u003c20)) may be false. Note: \u201cOpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.\u201d",
  "id": "GHSA-wj8j-vmwr-jqc9",
  "modified": "2024-03-21T03:33:22Z",
  "published": "2022-05-13T01:28:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7713"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencv/opencv/issues/10998"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJ92-JWCQ-3HPF

Vulnerability from github – Published: 2022-01-21 00:00 – Updated: 2022-01-27 00:02
VLAI
Details

There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-20T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an Assertion \u0027context_p-\u003estack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p-\u003estack_top_uint8 == SCAN_STACK_CATCH_STATEMENT\u0027 failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0.",
  "id": "GHSA-wj92-jwcq-3hpf",
  "modified": "2022-01-27T00:02:29Z",
  "published": "2022-01-21T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46340"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jerryscript-project/jerryscript/issues/4924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.