Common Weakness Enumeration

CWE-617

Allowed

Reachable Assertion

Abstraction: Base · Status: Draft

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

989 vulnerabilities reference this CWE, most recent first.

GHSA-PQMV-MQWC-WMR3

Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-05-24 17:49
VLAI
Details

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-29T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In BIND 9.8.5 -\u003e 9.8.8, 9.9.3 -\u003e 9.11.29, 9.12.0 -\u003e 9.16.13, and versions BIND 9.9.3-S1 -\u003e 9.11.29-S1 and 9.16.8-S1 -\u003e 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.",
  "id": "GHSA-pqmv-mqwc-wmr3",
  "modified": "2022-05-24T17:49:09Z",
  "published": "2022-05-24T17:49:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25214"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/v1/docs/cve-2021-25214"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210521-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4909"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/04/29/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PR4H-PC76-99RF

Vulnerability from github – Published: 2022-01-28 00:01 – Updated: 2022-02-04 00:00
VLAI
Details

There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46510"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-27T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an Assertion `s \u003c mjs-\u003eowned_strings.buf + mjs-\u003eowned_strings.len\u0027 failed at src/mjs_gc.c in Cesanta MJS v2.20.0.",
  "id": "GHSA-pr4h-pc76-99rf",
  "modified": "2022-02-04T00:00:45Z",
  "published": "2022-01-28T00:01:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46510"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cesanta/mjs/issues/185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PVQR-5PWQ-XC53

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-04-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/rmap: fix incorrect pte restoration for lazyfree folios

We batch unmap anonymous lazyfree folios by folio_unmap_pte_batch. If the batch has a mix of writable and non-writable bits, we may end up setting the entire batch writable. Fix this by respecting writable bit during batching.

Although on a successful unmap of a lazyfree folio, the soft-dirty bit is lost, preserve it on pte restoration by respecting the bit during batching, to make the fix consistent w.r.t both writable bit and soft-dirty bit.

I was able to write the below reproducer and crash the kernel. Explanation of reproducer (set 64K mTHP to always):

Fault in a 64K large folio. Split the VMA at mid-point with MADV_DONTFORK. fork() - parent points to the folio with 8 writable ptes and 8 non-writable ptes. Merge the VMAs with MADV_DOFORK so that folio_unmap_pte_batch() can determine all the 16 ptes as a batch. Do MADV_FREE on the range to mark the folio as lazyfree. Write to the memory to dirty the pte, eventually rmap will dirty the folio. Then trigger reclaim, we will hit the pte restoration path, and the kernel will crash with the trace given below.

The BUG happens at:

BUG_ON(atomic_inc_return(&ptc->anon_map_count) > 1 && rw);

The code path is asking for anonymous page to be mapped writable into the pagetable. The BUG_ON() firing implies that such a writable page has been mapped into the pagetables of more than one process, which breaks anonymous memory/CoW semantics.

[ 21.134473] kernel BUG at mm/page_table_check.c:118! [ 21.134497] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 21.135917] Modules linked in: [ 21.136085] CPU: 1 UID: 0 PID: 1735 Comm: dup-lazyfree Not tainted 7.0.0-rc1-00116-g018018a17770 #1028 PREEMPT [ 21.136858] Hardware name: linux,dummy-virt (DT) [ 21.137019] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 21.137308] pc : page_table_check_set+0x28c/0x2a8 [ 21.137607] lr : page_table_check_set+0x134/0x2a8 [ 21.137885] sp : ffff80008a3b3340 [ 21.138124] x29: ffff80008a3b3340 x28: fffffdffc3d14400 x27: ffffd1a55e03d000 [ 21.138623] x26: 0040000000000040 x25: ffffd1a55f7dd000 x24: 0000000000000001 [ 21.139045] x23: 0000000000000001 x22: 0000000000000001 x21: ffffd1a55f217f30 [ 21.139629] x20: 0000000000134521 x19: 0000000000134519 x18: 005c43e000040000 [ 21.140027] x17: 0001400000000000 x16: 0001700000000000 x15: 000000000000ffff [ 21.140578] x14: 000000000000000c x13: 005c006000000000 x12: 0000000000000020 [ 21.140828] x11: 0000000000000000 x10: 005c000000000000 x9 : ffffd1a55c079ee0 [ 21.141077] x8 : 0000000000000001 x7 : 005c03e000040000 x6 : 000000004000ffff [ 21.141490] x5 : ffff00017fffce00 x4 : 0000000000000001 x3 : 0000000000000002 [ 21.141741] x2 : 0000000000134510 x1 : 0000000000000000 x0 : ffff0000c08228c0 [ 21.141991] Call trace: [ 21.142093] page_table_check_set+0x28c/0x2a8 (P) [ 21.142265] __page_table_check_ptes_set+0x144/0x1e8 [ 21.142441] __set_ptes_anysz.constprop.0+0x160/0x1a8 [ 21.142766] contpte_set_ptes+0xe8/0x140 [ 21.142907] try_to_unmap_one+0x10c4/0x10d0 [ 21.143177] rmap_walk_anon+0x100/0x250 [ 21.143315] try_to_unmap+0xa0/0xc8 [ 21.143441] shrink_folio_list+0x59c/0x18a8 [ 21.143759] shrink_lruvec+0x664/0xbf0 [ 21.144043] shrink_node+0x218/0x878 [ 21.144285] __node_reclaim.constprop.0+0x98/0x338 [ 21.144763] user_proactive_reclaim+0x2a4/0x340 [ 21.145056] reclaim_store+0x3c/0x60 [ 21.145216] dev_attr_store+0x20/0x40 [ 21.145585] sysfs_kf_write+0x84/0xa8 [ 21.145835] kernfs_fop_write_iter+0x130/0x1c8 [ 21.145994] vfs_write+0x2b8/0x368 [ 21.146119] ksys_write+0x70/0x110 [ 21.146240] __arm64_sys_write+0x24/0x38 [ 21.146380] invoke_syscall+0x50/0x120 [ 21.146513] el0_svc_common.constprop.0+0x48/0xf8 [ 21.146679] do_el0_svc+0x28/0x40 [ 21.146798] el0_svc+0x34/0x110 [ 21.146926] el0t ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31398"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:38Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/rmap: fix incorrect pte restoration for lazyfree folios\n\nWe batch unmap anonymous lazyfree folios by folio_unmap_pte_batch.  If the\nbatch has a mix of writable and non-writable bits, we may end up setting\nthe entire batch writable.  Fix this by respecting writable bit during\nbatching.\n\nAlthough on a successful unmap of a lazyfree folio, the soft-dirty bit is\nlost, preserve it on pte restoration by respecting the bit during\nbatching, to make the fix consistent w.r.t both writable bit and\nsoft-dirty bit.\n\nI was able to write the below reproducer and crash the kernel. \nExplanation of reproducer (set 64K mTHP to always):\n\nFault in a 64K large folio.  Split the VMA at mid-point with\nMADV_DONTFORK.  fork() - parent points to the folio with 8 writable ptes\nand 8 non-writable ptes.  Merge the VMAs with MADV_DOFORK so that\nfolio_unmap_pte_batch() can determine all the 16 ptes as a batch.  Do\nMADV_FREE on the range to mark the folio as lazyfree.  Write to the memory\nto dirty the pte, eventually rmap will dirty the folio.  Then trigger\nreclaim, we will hit the pte restoration path, and the kernel will crash\nwith the trace given below.\n\nThe BUG happens at:\n\n\tBUG_ON(atomic_inc_return(\u0026ptc-\u003eanon_map_count) \u003e 1 \u0026\u0026 rw);\n\nThe code path is asking for anonymous page to be mapped writable into the\npagetable.  The BUG_ON() firing implies that such a writable page has been\nmapped into the pagetables of more than one process, which breaks\nanonymous memory/CoW semantics.\n\n[   21.134473] kernel BUG at mm/page_table_check.c:118!\n[   21.134497] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP\n[   21.135917] Modules linked in:\n[   21.136085] CPU: 1 UID: 0 PID: 1735 Comm: dup-lazyfree Not tainted 7.0.0-rc1-00116-g018018a17770 #1028 PREEMPT\n[   21.136858] Hardware name: linux,dummy-virt (DT)\n[   21.137019] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[   21.137308] pc : page_table_check_set+0x28c/0x2a8\n[   21.137607] lr : page_table_check_set+0x134/0x2a8\n[   21.137885] sp : ffff80008a3b3340\n[   21.138124] x29: ffff80008a3b3340 x28: fffffdffc3d14400 x27: ffffd1a55e03d000\n[   21.138623] x26: 0040000000000040 x25: ffffd1a55f7dd000 x24: 0000000000000001\n[   21.139045] x23: 0000000000000001 x22: 0000000000000001 x21: ffffd1a55f217f30\n[   21.139629] x20: 0000000000134521 x19: 0000000000134519 x18: 005c43e000040000\n[   21.140027] x17: 0001400000000000 x16: 0001700000000000 x15: 000000000000ffff\n[   21.140578] x14: 000000000000000c x13: 005c006000000000 x12: 0000000000000020\n[   21.140828] x11: 0000000000000000 x10: 005c000000000000 x9 : ffffd1a55c079ee0\n[   21.141077] x8 : 0000000000000001 x7 : 005c03e000040000 x6 : 000000004000ffff\n[   21.141490] x5 : ffff00017fffce00 x4 : 0000000000000001 x3 : 0000000000000002\n[   21.141741] x2 : 0000000000134510 x1 : 0000000000000000 x0 : ffff0000c08228c0\n[   21.141991] Call trace:\n[   21.142093]  page_table_check_set+0x28c/0x2a8 (P)\n[   21.142265]  __page_table_check_ptes_set+0x144/0x1e8\n[   21.142441]  __set_ptes_anysz.constprop.0+0x160/0x1a8\n[   21.142766]  contpte_set_ptes+0xe8/0x140\n[   21.142907]  try_to_unmap_one+0x10c4/0x10d0\n[   21.143177]  rmap_walk_anon+0x100/0x250\n[   21.143315]  try_to_unmap+0xa0/0xc8\n[   21.143441]  shrink_folio_list+0x59c/0x18a8\n[   21.143759]  shrink_lruvec+0x664/0xbf0\n[   21.144043]  shrink_node+0x218/0x878\n[   21.144285]  __node_reclaim.constprop.0+0x98/0x338\n[   21.144763]  user_proactive_reclaim+0x2a4/0x340\n[   21.145056]  reclaim_store+0x3c/0x60\n[   21.145216]  dev_attr_store+0x20/0x40\n[   21.145585]  sysfs_kf_write+0x84/0xa8\n[   21.145835]  kernfs_fop_write_iter+0x130/0x1c8\n[   21.145994]  vfs_write+0x2b8/0x368\n[   21.146119]  ksys_write+0x70/0x110\n[   21.146240]  __arm64_sys_write+0x24/0x38\n[   21.146380]  invoke_syscall+0x50/0x120\n[   21.146513]  el0_svc_common.constprop.0+0x48/0xf8\n[   21.146679]  do_el0_svc+0x28/0x40\n[   21.146798]  el0_svc+0x34/0x110\n[   21.146926]  el0t\n---truncated---",
  "id": "GHSA-pvqr-5pwq-xc53",
  "modified": "2026-04-27T15:30:32Z",
  "published": "2026-04-03T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31398"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/29f40594a28114b9a9bc87f6cf7bbee9609628f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/99888a4f340ca8e839a0524556bd4db76d63f4e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0911ccdba41b0871abbf8412857bafedec3dbe1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PVRQ-5HV2-JX7R

Vulnerability from github – Published: 2026-02-02 03:31 – Updated: 2026-02-02 03:31
VLAI
Details

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the attack is possible. The exploit is now public and may be used. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1737"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T02:16:10Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the attack is possible. The exploit is now public and may be used. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.",
  "id": "GHSA-pvrq-5hv2-jx7r",
  "modified": "2026-02-02T03:31:18Z",
  "published": "2026-02-02T03:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1737"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/4271"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/4271#event-21968630023"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/4271#issue-3795147720"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.343636"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.343636"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.741192"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q3RC-GRC5-X38Q

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-07T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
  "id": "GHSA-q3rc-grc5-x38q",
  "modified": "2022-05-24T19:01:49Z",
  "published": "2022-05-24T19:01:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11274"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q55C-22V4-X379

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46
VLAI
Details

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-27T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.",
  "id": "GHSA-q55c-22v4-x379",
  "modified": "2022-05-13T01:46:59Z",
  "published": "2022-05-13T01:46:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7508"
    },
    {
      "type": "WEB",
      "url": "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3900"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99230"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038768"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5JJ-RRMH-QQH6

Vulnerability from github – Published: 2022-11-09 12:00 – Updated: 2022-11-09 19:02
VLAI
Details

In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-08T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118.",
  "id": "GHSA-q5jj-rrmh-qqh6",
  "modified": "2022-11-09T19:02:22Z",
  "published": "2022-11-09T12:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26446"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/November-2022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q69W-W5PF-J6WP

Vulnerability from github – Published: 2022-06-24 00:00 – Updated: 2022-06-30 00:00
VLAI
Details

There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain , Dwg_Data ' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-23T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *\u0027 failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.",
  "id": "GHSA-q69w-w5pf-j6wp",
  "modified": "2022-06-30T00:00:28Z",
  "published": "2022-06-24T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33024"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibreDWG/libredwg/issues/492"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6G5-8P95-HQH7

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-09-10 00:00
VLAI
Details

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-8617"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-19T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.",
  "id": "GHSA-q6g5-8p95-hqh7",
  "modified": "2022-09-10T00:00:26Z",
  "published": "2022-05-24T17:18:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8617"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/docs/cve-2020-8617"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200522-0002"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4365-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4365-2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4689"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6HG-8GX7-PX5Q

Vulnerability from github – Published: 2023-05-12 15:30 – Updated: 2024-04-04 04:04
VLAI
Details

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-12T14:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.",
  "id": "GHSA-q6hg-8gx7-px5q",
  "modified": "2024-04-04T04:04:04Z",
  "published": "2023-05-12T15:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31921"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jerryscript-project/jerryscript/issues/5068"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Mitigation
Implementation

Strategy: Input Validation

Perform input validation on user data.

No CAPEC attack patterns related to this CWE.