Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

986 vulnerabilities reference this CWE, most recent first.

GHSA-XR65-FGV2-R9VH

Vulnerability from github – Published: 2025-08-05 03:31 – Updated: 2025-08-05 03:31
VLAI
Details

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-05T01:15:43Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-xr65-fgv2-r9vh",
  "modified": "2025-08-05T03:31:18Z",
  "published": "2025-08-05T03:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8537"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axiomatic-systems/Bento4/issues/1037"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1AkRpx3wcMy3Ic9tQeQyRJybBipK72aQO/view?usp=drive_link"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.318666"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.318666"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.619602"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XVM3-W96C-9WHC

Vulnerability from github – Published: 2025-02-25 15:34 – Updated: 2025-02-25 21:31
VLAI
Details

An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-25T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component.",
  "id": "GHSA-xvm3-w96c-9whc",
  "modified": "2025-02-25T21:31:41Z",
  "published": "2025-02-25T15:34:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34034"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/fklement/3a43dbb9fb361dddd8db7703080ade0f"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eurecom.fr/mosaic5g/flexric/-/tags/v2.0.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XX3P-5M4J-RHW8

Vulnerability from github – Published: 2024-09-19 12:31 – Updated: 2024-09-19 12:31
VLAI
Details

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8354"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-19T11:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.",
  "id": "GHSA-xx3p-5m4j-rhw8",
  "modified": "2024-09-19T12:31:20Z",
  "published": "2024-09-19T12:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8354"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8354"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313497"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XX6R-3QQR-WH55

Vulnerability from github – Published: 2022-03-27 00:00 – Updated: 2022-03-31 00:00
VLAI
Details

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-26T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.",
  "id": "GHSA-xx6r-3qqr-wh55",
  "modified": "2022-03-31T00:00:32Z",
  "published": "2022-03-27T00:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27939"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appneta/tcpreplay/issues/717"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRCFJ6X3IVB7BT4KS6AHQMSL532YXYD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWRZO7BG6DHA5NAC3COB45WFXLYRIERC"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XXV4-5PRV-8F29

Vulnerability from github – Published: 2025-12-25 06:30 – Updated: 2025-12-25 06:30
VLAI
Details

Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-25T05:16:07Z",
    "severity": "MODERATE"
  },
  "details": "Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.",
  "id": "GHSA-xxv4-5prv-8f29",
  "modified": "2025-12-25T06:30:26Z",
  "published": "2025-12-25T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49088"
    },
    {
      "type": "WEB",
      "url": "https://docs.pexip.com/admin/security_bulletins.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XXVM-GXXX-R9PG

Vulnerability from github – Published: 2025-07-01 12:31 – Updated: 2025-07-01 12:31
VLAI
Details

A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The identifier of the patch is 53e9e059ed96b940f7ddcd9a2b68cb512524d5db. It is recommended to apply a patch to fix this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6952"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-01T12:15:24Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The identifier of the patch is 53e9e059ed96b940f7ddcd9a2b68cb512524d5db. It is recommended to apply a patch to fix this issue.",
  "id": "GHSA-xxvm-gxxx-r9pg",
  "modified": "2025-07-01T12:31:02Z",
  "published": "2025-07-01T12:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6952"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/3938"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/3938#issuecomment-3012139813"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/commit/53e9e059ed96b940f7ddcd9a2b68cb512524d5db"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.314489"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.314489"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.605312"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.