VYPR

CWE-617

Reachable Assertion

BaseDraft

Description

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (267)

page 4 of 14
  • CVE-2026-29115MedJun 10, 2026
    risk 0.45cvss epss 0.00

    A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.

  • CVE-2026-31398HigApr 3, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix incorrect pte restoration for lazyfree folios We batch unmap anonymous lazyfree folios by folio_unmap_pte_batch. If the batch has a mix of writable and non-writable bits, we may end up setting…

  • CVE-2026-41485HigApr 24, 2026
    risk 0.43cvss 7.7epss 0.00

    Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` mutation handler allows any user with permission to create a `Policy` or `ClusterPolicy` to crash the cluster-wide…

  • CVE-2018-10963MedMay 10, 2018
    risk 0.43cvss 6.5epss 0.04

    The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.

  • CVE-2017-11524MedJul 23, 2017
    risk 0.43cvss 6.5epss 0.03

    The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.

  • CVE-2026-52718MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a…

  • CVE-2026-9750MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal…

  • CVE-2026-9749MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer (that is, many results are routed to…

  • CVE-2026-9748MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate…

  • CVE-2026-9747MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.

  • CVE-2026-9746MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.

  • CVE-2026-44321HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly…

  • CVE-2026-44319HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(...) and…

  • CVE-2026-8843MedMay 18, 2026
    risk 0.42cvss 6.5epss 0.00

    Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryable_encrypted_range" indices. This issue…

  • CVE-2026-41584HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the…

  • CVE-2026-20450MedMay 4, 2026
    risk 0.42cvss 6.5epss 0.00

    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2025-56568HigApr 30, 2026
    risk 0.42cvss 7.5epss 0.00

    Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length…

  • CVE-2026-34063HigApr 22, 2026
    risk 0.42cvss 7.5epss 0.00

    Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if…

  • CVE-2026-3119MedMar 25, 2026
    risk 0.42cvss 6.5epss 0.01

    Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue…

  • CVE-2026-27135HigMar 18, 2026
    risk 0.42cvss 7.5epss 0.01

    nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the…