CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
986 vulnerabilities reference this CWE, most recent first.
GHSA-XR65-FGV2-R9VH
Vulnerability from github – Published: 2025-08-05 03:31 – Updated: 2025-08-05 03:31A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-8537"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-05T01:15:43Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-xr65-fgv2-r9vh",
"modified": "2025-08-05T03:31:18Z",
"published": "2025-08-05T03:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8537"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/1037"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1AkRpx3wcMy3Ic9tQeQyRJybBipK72aQO/view?usp=drive_link"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.318666"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.318666"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.619602"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XVM3-W96C-9WHC
Vulnerability from github – Published: 2025-02-25 15:34 – Updated: 2025-02-25 21:31An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component.
{
"affected": [],
"aliases": [
"CVE-2024-34034"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-25T15:15:21Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component.",
"id": "GHSA-xvm3-w96c-9whc",
"modified": "2025-02-25T21:31:41Z",
"published": "2025-02-25T15:34:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34034"
},
{
"type": "WEB",
"url": "https://gist.github.com/fklement/3a43dbb9fb361dddd8db7703080ade0f"
},
{
"type": "WEB",
"url": "https://gitlab.eurecom.fr/mosaic5g/flexric/-/tags/v2.0.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XX3P-5M4J-RHW8
Vulnerability from github – Published: 2024-09-19 12:31 – Updated: 2024-09-19 12:31A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2024-8354"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-19T11:15:10Z",
"severity": "MODERATE"
},
"details": "A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.",
"id": "GHSA-xx3p-5m4j-rhw8",
"modified": "2024-09-19T12:31:20Z",
"published": "2024-09-19T12:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8354"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-8354"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313497"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XX6R-3QQR-WH55
Vulnerability from github – Published: 2022-03-27 00:00 – Updated: 2022-03-31 00:00tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
{
"affected": [],
"aliases": [
"CVE-2022-27939"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.",
"id": "GHSA-xx6r-3qqr-wh55",
"modified": "2022-03-31T00:00:32Z",
"published": "2022-03-27T00:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27939"
},
{
"type": "WEB",
"url": "https://github.com/appneta/tcpreplay/issues/717"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XXV4-5PRV-8F29
Vulnerability from github – Published: 2025-12-25 06:30 – Updated: 2025-12-25 06:30Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-49088"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-25T05:16:07Z",
"severity": "MODERATE"
},
"details": "Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.",
"id": "GHSA-xxv4-5prv-8f29",
"modified": "2025-12-25T06:30:26Z",
"published": "2025-12-25T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49088"
},
{
"type": "WEB",
"url": "https://docs.pexip.com/admin/security_bulletins.htm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XXVM-GXXX-R9PG
Vulnerability from github – Published: 2025-07-01 12:31 – Updated: 2025-07-01 12:31A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The identifier of the patch is 53e9e059ed96b940f7ddcd9a2b68cb512524d5db. It is recommended to apply a patch to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2025-6952"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-01T12:15:24Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The identifier of the patch is 53e9e059ed96b940f7ddcd9a2b68cb512524d5db. It is recommended to apply a patch to fix this issue.",
"id": "GHSA-xxvm-gxxx-r9pg",
"modified": "2025-07-01T12:31:02Z",
"published": "2025-07-01T12:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6952"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/3938"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/3938#issuecomment-3012139813"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/commit/53e9e059ed96b940f7ddcd9a2b68cb512524d5db"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.314489"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.314489"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.605312"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.