VYPR

CWE-617

Reachable Assertion

BaseDraft

Description

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (267)

page 1 of 14
  • CVE-2026-24826CriJan 27, 2026
    risk 0.65cvss epss 0.00

    Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects .

  • CVE-2026-29116HigJun 10, 2026
    risk 0.57cvss epss 0.00

    A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.

  • CVE-2006-5779HigNov 7, 2006
    risk 0.55cvss 7.5epss 0.75

    OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

  • CVE-2017-7478HigMay 15, 2017
    risk 0.53cvss 7.5epss 0.14

    OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

  • CVE-2016-8864HigNov 2, 2016
    risk 0.52cvss 7.5epss 0.39

    named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and…

  • CVE-2006-6767HigJan 16, 2007
    risk 0.52cvss 7.5epss 0.07

    oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.

  • CVE-2017-7605HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.02

    aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

  • CVE-2026-31739HigMay 1, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only…

  • CVE-2025-34458HigDec 22, 2025
    risk 0.50cvss epss 0.00

    wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E…

  • CVE-2006-4095HigSep 6, 2006
    risk 0.50cvss 7.5epss 0.13

    BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

  • CVE-2026-37233HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.00

    FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m0->xapp_id) instead of the other argument (m1->xapp_id), effectively ignoring…

  • CVE-2026-37229HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.01

    FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 byte) over SCTP to the near-RT RIC (port 36421) or iApp (port 36422) to crash the…

  • CVE-2026-37228HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.01

    FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc < len) on the sctp_recvmsg() return value. A remote unauthenticated attacker can send a single SCTP message…

  • CVE-2026-37227HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.00

    FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type (e.g., E2nodeConfigurationUpdate) to crash the…

  • CVE-2026-37225HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.00

    FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated…

  • CVE-2026-37224HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.00

    FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process (port 36421) by sending…

  • CVE-2026-37223HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.00

    FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to…

  • CVE-2026-37222HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.00

    FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs (e.g., an E2setupRequest with extra optional fields) to crash the…

  • CVE-2026-37221HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.00

    FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a…

  • CVE-2026-37220HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.00

    FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the…