VYPR

CWE-617

Reachable Assertion

BaseDraft

Description

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (267)

page 9 of 14
  • CVE-2026-23238MedMar 4, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if the requested block size is incompatible with the block device's configuration.…

  • CVE-2024-39509MedJul 12, 2024
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARN_ON() in implement() Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement()…

  • CVE-2024-34036MedFeb 25, 2025
    risk 0.28cvss 4.3epss 0.00

    An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp.

  • CVE-2026-46543MedJun 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls…

  • CVE-2026-34066MedApr 22, 2026
    risk 0.27cvss 5.3epss 0.00

    nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within…

  • CVE-2026-34069MedApr 14, 2026
    risk 0.27cvss 5.3epss 0.00

    nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain…

  • CVE-2025-15497LowJan 30, 2026
    risk 0.25cvss epss 0.00

    Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

  • CVE-2026-48852LowMay 25, 2026
    risk 0.24cvss 3.7epss 0.00

    PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.

  • CVE-2025-8537LowAug 5, 2025
    risk 0.24cvss 3.7epss 0.01

    A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to…

  • CVE-2026-46542MedJun 10, 2026
    risk 0.21cvss 4.3epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in…

  • CVE-2025-9403LowAug 25, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and…

  • CVE-2025-9301LowAug 21, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly…

  • CVE-2025-8836LowAug 11, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The…

  • CVE-2025-8698LowAug 7, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF Service. The manipulation leads to reachable assertion.…

  • CVE-2025-6536LowJun 24, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The…

  • CVE-2025-6497LowJun 23, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been…

  • CVE-2025-6273LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The…

  • CVE-2025-50422LowAug 4, 2025
    risk 0.19cvss 2.9epss 0.00

    Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.

  • CVE-2025-31160LowMar 26, 2025
    risk 0.19cvss 2.9epss 0.00

    atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.

  • CVE-2026-10300LowJun 1, 2026
    risk 0.17cvss 3.7epss 0.00

    A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora_path leads to reachable assertion. The attack…