VYPR

CWE-617

Reachable Assertion

BaseDraft

Description

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (267)

page 6 of 14
  • CVE-2017-13658MedAug 24, 2017
    risk 0.42cvss 6.5epss 0.01

    In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.

  • CVE-2017-13132MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.01

    In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a…

  • CVE-2017-11368MedAug 9, 2017
    risk 0.42cvss 6.5epss 0.02

    In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

  • CVE-2017-12670MedAug 7, 2017
    risk 0.42cvss 6.5epss 0.01

    In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.

  • CVE-2017-12434MedAug 4, 2017
    risk 0.42cvss 6.5epss 0.01

    In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.

  • CVE-2017-11683MedJul 27, 2017
    risk 0.42cvss 6.5epss 0.03

    There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

  • CVE-2017-9501MedJun 7, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9500MedJun 7, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9499MedJun 7, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9142MedMay 22, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.

  • CVE-2017-9141MedMay 22, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.

  • CVE-2017-7479MedMay 15, 2017
    risk 0.42cvss 6.5epss 0.02

    OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

  • CVE-2026-8852MedMay 26, 2026
    risk 0.40cvss 6.2epss 0.00

    IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.

  • CVE-2026-41523higJun 16, 2026
    risk 0.39cvss epss 0.00

    ### Summary An `assert`-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (`python -O` or…

  • CVE-2026-23555HigMar 23, 2026
    risk 0.39cvss 7.1epss 0.00

    Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored.…

  • CVE-2017-12168MedSep 20, 2017
    risk 0.39cvss 6.0epss 0.00

    The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).

  • CVE-2026-35058MedJun 8, 2026
    risk 0.38cvss epss 0.00

    Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.

  • CVE-2026-34219MedMar 31, 2026
    risk 0.38cvss 5.9epss 0.00

    libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an…

  • CVE-2024-34035MedFeb 25, 2025
    risk 0.37cvss 5.7epss 0.00

    An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp.

  • CVE-2024-34034MedFeb 25, 2025
    risk 0.37cvss 5.7epss 0.00

    An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component.