CWE-617
Reachable Assertion
Description
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (267)
page 2 of 14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5946 | Hig | 0.49 | 7.5 | 0.01 | May 20, 2026 | Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests… | ||
| CVE-2026-4046 | Hig | 0.49 | 7.5 | 0.00 | Mar 30, 2026 | The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by… | ||
| CVE-2026-22990 | Hig | 0.49 | 7.5 | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. … | ||
| CVE-2025-13878 | Hig | 0.49 | 7.5 | 0.08 | Jan 21, 2026 | Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1. | ||
| CVE-2025-40777 | Hig | 0.49 | 7.5 | 0.01 | Jul 16, 2025 | If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a… | ||
| CVE-2024-8361 | Hig | 0.49 | 7.5 | 0.00 | Jan 7, 2025 | In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If… | ||
| CVE-2024-53429 | Hig | 0.49 | 7.5 | 0.01 | Nov 21, 2024 | Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, which leads to a crash. | ||
| CVE-2024-4076 | Hig | 0.49 | 7.5 | 0.02 | Jul 23, 2024 | Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through… | ||
| CVE-2024-39697 | Hig | 0.49 | 8.6 | 0.01 | Jul 9, 2024 | phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get… | ||
| CVE-2022-48363 | Hig | 0.49 | 7.5 | 0.01 | Feb 26, 2023 | In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer. | ||
| CVE-2018-17231 | Hig | 0.49 | 7.5 | 0.02 | Sep 19, 2018 | Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because… | ||
| CVE-2018-14045 | Hig | 0.49 | 7.5 | 0.03 | Jul 13, 2018 | The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | ||
| CVE-2018-14044 | Hig | 0.49 | 7.5 | 0.03 | Jul 13, 2018 | The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | ||
| CVE-2018-12687 | Hig | 0.49 | 7.5 | 0.01 | Jun 22, 2018 | tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. | ||
| CVE-2018-12504 | Hig | 0.49 | 7.5 | 0.02 | Jun 16, 2018 | tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h. | ||
| CVE-2018-7714 | Hig | 0.49 | 7.5 | 0.02 | Mar 5, 2018 | The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is… | ||
| CVE-2018-7713 | Hig | 0.49 | 7.5 | 0.02 | Mar 5, 2018 | The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is… | ||
| CVE-2018-7712 | Hig | 0.49 | 7.5 | 0.02 | Mar 5, 2018 | The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it… | ||
| CVE-2017-17432 | Hig | 0.49 | 7.5 | 0.03 | Dec 6, 2017 | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. | ||
| CVE-2017-13752 | Hig | 0.49 | 7.5 | 0.04 | Aug 29, 2017 | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
- risk 0.49cvss 7.5epss 0.01
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests…
- risk 0.49cvss 7.5epss 0.00
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. …
- risk 0.49cvss 7.5epss 0.08
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
- risk 0.49cvss 7.5epss 0.01
If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a…
- risk 0.49cvss 7.5epss 0.00
In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If…
- risk 0.49cvss 7.5epss 0.01
Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, which leads to a crash.
- risk 0.49cvss 7.5epss 0.02
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through…
- risk 0.49cvss 8.6epss 0.01
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get…
- risk 0.49cvss 7.5epss 0.01
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
- risk 0.49cvss 7.5epss 0.02
Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because…
- risk 0.49cvss 7.5epss 0.03
The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
- risk 0.49cvss 7.5epss 0.03
The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
- risk 0.49cvss 7.5epss 0.01
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.
- risk 0.49cvss 7.5epss 0.02
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.
- risk 0.49cvss 7.5epss 0.02
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is…
- risk 0.49cvss 7.5epss 0.02
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it is…
- risk 0.49cvss 7.5epss 0.02
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false. Note: “OpenCV CV_Assert is not an assertion (C-like assert()), it…
- risk 0.49cvss 7.5epss 0.03
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
- risk 0.49cvss 7.5epss 0.04
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.