CWE-617
Reachable Assertion
Base, Draft
Description
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (125)
Page 2 of 7

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-17432 | High | 0.49 | 7.5 | 0.01 | | Dec 6, 2017 | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. |
| CVE-2017-13752 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13751 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13750 | High | 0.49 | 7.5 | 0.02 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13749 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13747 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13746 | High | 0.49 | 7.5 | 0.02 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13745 | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. |
| CVE-2017-12960 | High | 0.49 | 7.5 | 0.00 | | Aug 18, 2017 | There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. |
| CVE-2017-12959 | High | 0.49 | 7.5 | 0.00 | | Aug 18, 2017 | There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. |
| CVE-2017-11692 | High | 0.49 | 7.5 | 0.01 | | Jul 30, 2017 | The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. |
| CVE-2017-7508 | High | 0.49 | 7.5 | 0.00 | | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. |
| CVE-2017-0376 | High | 0.49 | 7.5 | 0.01 | | Jun 9, 2017 | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. |
| CVE-2017-0375 | High | 0.49 | 7.5 | 0.01 | | Jun 9, 2017 | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. |
| CVE-2017-8915 | High | 0.49 | 7.5 | 0.01 | | May 23, 2017 | sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694. |
| CVE-2016-9399 | High | 0.49 | 7.5 | 0.02 | | Mar 23, 2017 | The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
| CVE-2016-9398 | High | 0.49 | 7.5 | 0.04 | | Mar 23, 2017 | The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
| CVE-2016-9397 | High | 0.49 | 7.5 | 0.02 | | Mar 23, 2017 | The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
| CVE-2006-4574 | High | 0.49 | 7.5 | 0.07 | | Oct 28, 2006 | Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values. |
| CVE-2006-4095 | High | 0.49 | 7.5 | 0.05 | | Sep 6, 2006 | BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. |