VYPR

CWE-617

Reachable Assertion

Base | Draft

Description

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (267)

page 2 of 14
  • CVE-2026-5946 | High | May 20, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests…

  • CVE-2026-4046 | High | Mar 30, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by…

  • CVE-2026-22990 | High | Jan 23, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental(). If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. …

  • CVE-2025-13878 | High | Jan 21, 2026
    risk 0.49 | cvss 7.5 | epss 0.08

    Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.

  • CVE-2025-40777 | High | Jul 16, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a…

  • CVE-2024-8361 | High | Jan 7, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, the device will restart after the watchdog expires. If…

  • CVE-2024-53429 | High | Nov 21, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Open62541 v1.4.6 has an assertion failure in fuzz_binary_decode, which leads to a crash.

  • CVE-2024-4076 | High | Jul 23, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through…

  • CVE-2024-39697 | High | Jul 9, 2024
    risk 0.49 | cvss 8.6 | epss 0.01

    phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get…

  • CVE-2022-48363 | High | Feb 26, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.

  • CVE-2018-17231 | High | Sep 19, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because…

  • CVE-2018-14045 | High | Jul 13, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.

  • CVE-2018-14044 | High | Jul 13, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.

  • CVE-2018-12687 | High | Jun 22, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.

  • CVE-2018-12504 | High | Jun 16, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.

  • CVE-2018-7714 | High | Mar 5, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is…

  • CVE-2018-7713 | High | Mar 5, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is…

  • CVE-2018-7712 | High | Mar 5, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it…

  • CVE-2017-17432 | High | Dec 6, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

  • CVE-2017-13752 | High | Aug 29, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.