CWE-617
AllowedReachable Assertion
Abstraction: Base · Status: Draft
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
989 vulnerabilities reference this CWE, most recent first.
GHSA-QG39-5Q45-4GCC
Vulnerability from github – Published: 2026-03-30 18:31 – Updated: 2026-03-30 18:31A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary of the replica set.
This issue affects MongoDB Server v8.2 versions prior to 8.2.2, MongoDB Server v8.0 versions between 8.0.18, MongoDB Server v7.0 versions between 7.0.31.
{
"affected": [],
"aliases": [
"CVE-2026-5170"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-30T16:16:10Z",
"severity": "MODERATE"
},
"details": "A user with access to the cluster with a limited set of privilege actions can trigger a crash of a\u00a0mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary of the replica set.\n\nThis issue affects MongoDB Server v8.2 versions prior to 8.2.2, MongoDB Server v8.0 versions between 8.0.18, MongoDB Server v7.0 versions between 7.0.31.",
"id": "GHSA-qg39-5q45-4gcc",
"modified": "2026-03-30T18:31:17Z",
"published": "2026-03-30T18:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5170"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-101758"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QGFX-VV83-VJ4G
Vulnerability from github – Published: 2025-09-23 15:31 – Updated: 2025-09-23 15:31In the Linux kernel, the following vulnerability has been resolved:
ext4: don't BUG if someone dirty pages without asking ext4 first
[un]pin_user_pages_remote is dirtying pages without properly warning the file system in advance. A related race was noted by Jan Kara in 2018[1]; however, more recently instead of it being a very hard-to-hit race, it could be reliably triggered by process_vm_writev(2) which was discovered by Syzbot[2].
This is technically a bug in mm/gup.c, but arguably ext4 is fragile in that if some other kernel subsystem dirty pages without properly notifying the file system using page_mkwrite(), ext4 will BUG, while other file systems will not BUG (although data will still be lost).
So instead of crashing with a BUG, issue a warning (since there may be potential data loss) and just mark the page as clean to avoid unprivileged denial of service attacks until the problem can be properly fixed. More discussion and background can be found in the thread starting at [2].
[1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz [2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com
{
"affected": [],
"aliases": [
"CVE-2022-49171"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: don\u0027t BUG if someone dirty pages without asking ext4 first\n\n[un]pin_user_pages_remote is dirtying pages without properly warning\nthe file system in advance. A related race was noted by Jan Kara in\n2018[1]; however, more recently instead of it being a very hard-to-hit\nrace, it could be reliably triggered by process_vm_writev(2) which was\ndiscovered by Syzbot[2].\n\nThis is technically a bug in mm/gup.c, but arguably ext4 is fragile in\nthat if some other kernel subsystem dirty pages without properly\nnotifying the file system using page_mkwrite(), ext4 will BUG, while\nother file systems will not BUG (although data will still be lost).\n\nSo instead of crashing with a BUG, issue a warning (since there may be\npotential data loss) and just mark the page as clean to avoid\nunprivileged denial of service attacks until the problem can be\nproperly fixed. More discussion and background can be found in the\nthread starting at [2].\n\n[1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz\n[2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com",
"id": "GHSA-qgfx-vv83-vj4g",
"modified": "2025-09-23T15:31:08Z",
"published": "2025-09-23T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49171"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d3a6926f7e8be3c897fa46216ce13b119a9f56a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/330d0e44fc5a47c27df958ecdd4693a3cb1d8b81"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/343117559ef41e992e326f7a92da1a8f254dfa8c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a016c053f426a73752c3b41b60b497b58694d48"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5db60e76edf5680ff1f3a7221036fc44b308f146"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/677c9d30e8487bee6c8e3b034070319d98f6e203"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0856764dc1276ad2dc7891288c2e9246bf11a37"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc5095747edfb054ca2068d01af20be3fcc3634f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d666dfaa571465a19f014534a214c255ea33f301"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGVM-PX6J-QX93
Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-15 21:30Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout
{
"affected": [],
"aliases": [
"CVE-2022-33244"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-10T21:15:00Z",
"severity": "HIGH"
},
"details": "Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout",
"id": "GHSA-qgvm-px6j-qx93",
"modified": "2023-03-15T21:30:26Z",
"published": "2023-03-10T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33244"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QH22-J9CH-4X4C
Vulnerability from github – Published: 2026-06-10 00:31 – Updated: 2026-06-10 00:31An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.
{
"affected": [],
"aliases": [
"CVE-2026-9750"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T23:17:04Z",
"severity": "HIGH"
},
"details": "An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.",
"id": "GHSA-qh22-j9ch-4x4c",
"modified": "2026-06-10T00:31:50Z",
"published": "2026-06-10T00:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9750"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-123633"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QHQF-49X5-89W6
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
{
"affected": [],
"aliases": [
"CVE-2017-7479"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-15T18:29:00Z",
"severity": "MODERATE"
},
"details": "OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.",
"id": "GHSA-qhqf-49x5-89w6",
"modified": "2022-05-13T01:46:59Z",
"published": "2022-05-13T01:46:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7479"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3900"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98443"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038473"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QHVG-J82M-W264
Vulnerability from github – Published: 2022-02-02 00:01 – Updated: 2022-03-17 00:06MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
{
"affected": [],
"aliases": [
"CVE-2021-46666"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-01T02:15:00Z",
"severity": "HIGH"
},
"details": "MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.",
"id": "GHSA-qhvg-j82m-w264",
"modified": "2022-03-17T00:06:05Z",
"published": "2022-02-02T00:01:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46666"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-25635"
},
{
"type": "WEB",
"url": "https://mariadb.com/kb/en/security"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220221-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QHW4-WWR7-GJC5
Vulnerability from github – Published: 2022-09-16 22:09 – Updated: 2022-09-19 19:13Impact
If EmptyTensorList receives an input element_shape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
tf.raw_ops.EmptyTensorList(element_shape=tf.ones(dtype=tf.int32, shape=[1, 0]), max_num_elements=tf.constant(1),element_dtype=tf.int32)
Patches
We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Kang Hong Jin.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35998"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T22:09:57Z",
"nvd_published_at": "2022-09-16T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nIf `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\n\ntf.raw_ops.EmptyTensorList(element_shape=tf.ones(dtype=tf.int32, shape=[1, 0]), max_num_elements=tf.constant(1),element_dtype=tf.int32)\n```\n\n### Patches\nWe have patched the issue in GitHub commit [c8ba76d48567aed347508e0552a257641931024d](https://github.com/tensorflow/tensorflow/commit/c8ba76d48567aed347508e0552a257641931024d).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Kang Hong Jin.\n",
"id": "GHSA-qhw4-wwr7-gjc5",
"modified": "2022-09-19T19:13:56Z",
"published": "2022-09-16T22:09:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35998"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/c8ba76d48567aed347508e0552a257641931024d"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList`"
}
GHSA-QJ5R-F9MV-RFFH
Vulnerability from github – Published: 2022-02-09 23:38 – Updated: 2024-11-13 22:45Impact
Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails (i.e., assertion failures). This is similar to TFSA-2021-198 (CVE-2021-41197) and has similar fixes.
Patches
We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered.
The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Faysal Hossain Shezan from University of Virginia.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
}
],
"aliases": [
"CVE-2022-23569"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-03T21:16:06Z",
"nvd_published_at": "2022-02-03T13:15:00Z",
"severity": "HIGH"
},
"details": "### Impact \nMultiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to [TFSA-2021-198](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md) (CVE-2021-41197) and has similar fixes.\n\n### Patches\nWe have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered.\n\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n \n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n \n### Attribution\nThis vulnerability has been reported by Faysal Hossain Shezan from University of Virginia.",
"id": "GHSA-qj5r-f9mv-rffh",
"modified": "2024-11-13T22:45:00Z",
"published": "2022-02-09T23:38:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23569"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-78.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-133.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "`CHECK`-fails when building invalid tensor shapes in Tensorflow"
}
GHSA-QJ7J-M28F-G68X
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
{
"affected": [],
"aliases": [
"CVE-2021-28905"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-20T19:15:00Z",
"severity": "HIGH"
},
"details": "In function lys_node_free() in libyang \u003c= v1.0.225, it asserts that the value of node-\u003emodule can\u0027t be NULL. But in some cases, node-\u003emodule can be null, which triggers a reachable assertion (CWE-617).",
"id": "GHSA-qj7j-m28f-g68x",
"modified": "2022-05-24T19:02:50Z",
"published": "2022-05-24T19:02:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28905"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/issues/1452"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-54"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QJ9W-VFQP-8PCV
Vulnerability from github – Published: 2026-07-15 00:31 – Updated: 2026-07-15 15:32A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 (in the Pump Configuration and Control cluster), the server tick function violates the assertion currentLevel < maxLevel, resulting in a crash. This can be exploited remotely without authentication to cause denial of service. Affected versions include 1.3 and 1.4 (commit ab3d5ae).
{
"affected": [],
"aliases": [
"CVE-2025-56362"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T23:17:27Z",
"severity": "HIGH"
},
"details": "A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.2, specifically within the Level Control cluster\u0027s periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 (in the Pump Configuration and Control cluster), the server tick function violates the assertion `currentLevel \u003c maxLevel`, resulting in a crash. This can be exploited remotely without authentication to cause denial of service. Affected versions include 1.3 and 1.4 (commit ab3d5ae).",
"id": "GHSA-qj9w-vfqp-8pcv",
"modified": "2026-07-15T15:32:59Z",
"published": "2026-07-15T00:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56362"
},
{
"type": "WEB",
"url": "https://github.com/project-chip/connectedhomeip/issues/38618"
},
{
"type": "WEB",
"url": "https://github.com/project-chip/connectedhomeip"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
Mitigation
Strategy: Input Validation
Perform input validation on user data.
No CAPEC attack patterns related to this CWE.