CWE-617

Reachable Assertion

Parent: CWE-705 - Incorrect Control Flow Scoping

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

748 vulnerabilities with CWE-617
CVE-2025-49088 MEDIUM
Pexip Infinity 32.0-37.1 - Denial of Service via Crafted Calendar Invite
CVSS 5.9
CVE-2025-48704 HIGH
Pexip Infinity 35.0-37.2 - Denial of Service via Signalling Input Validation
CVSS 7.5
CVE-2025-32096 HIGH
Pexip Infinity 33.0-37.0 - Denial of Service via Signaling Input Validation
CVSS 7.5
CVE-2025-32095 HIGH
Pexip Infinity < 37.0 - Denial of Service via Crafted Signalling Message
CVSS 7.5
CVE-2025-34458 HIGH
wb2osz/direwolf <1.8 - Assertion Failure
CVE-2025-14954 LOW
open5gs < 2.7.5 - Reachable Assertion in QER/FAR/URR/PDR Context Handling
CVSS 3.7
CVE-2025-65559 HIGH
Open5GS 2.7.5-49-g465e90f - Denial of Service via PFCP Session Establishment Request
CVSS 7.5
CVE-2025-59029 MEDIUM
PowerDNS Recursor - Crafted DNS Record Denial of Service
CVSS 5.3
CVE-2025-20792 MEDIUM
MediaTek NR15 - Remote Denial of Service via Rogue Base Station
CVSS 5.3
CVE-2025-20791 MEDIUM
MediaTek NR15 - Remote Denial of Service via Rogue Base Station Connection
CVSS 6.5
CVE-2025-20757 MEDIUM
MediaTek NR15 - Remote Denial of Service via Rogue Base Station Connection
CVSS 6.5
CVE-2025-20752 MEDIUM
MediaTek NR15 NR16 NR17 NR17R - Remote Denial of Service via Rogue Base Station
CVSS 6.5
CVE-2025-13644 MEDIUM
MongoDB Server 7.0.0-7.0.25, 8.0.0-8.0.12, 8.1.0-8.1.1 - Reachable Assertion during Batched Delete Operations
CVSS 6.5
CVE-2025-60632 MEDIUM
free5gc < 1.4.0 - Denial of Service via Npcf_BDTPolicyControl API
CVSS 6.5
CVE-2025-4321 HIGH
RS9116W < 2.12.1 - Denial of Service via Malformed L2CAP Packets
CVE-2025-47913 HIGH
go/ssh < 0.43.0 - Denial of Service via SSH_AGENT_SUCCESS Response
CVSS 7.5
CVE-2025-46705 HIGH
Entr'ouvert Lasso 2.5.1 and 2.8.2 - Denial of Service via Malformed SAML Assertion Response
CVSS 7.5
CVE-2025-47370 MEDIUM
Qualcomm AR8035 Firmware - Denial of Service via Invalid BT Connection Request
CVSS 6.5
CVE-2025-41068 HIGH
Open5GS < 2.7.6 - Denial of Service via Invalid NF Type in SBI
CVSS 7.5
CVE-2025-41067 HIGH
open5gs < 2.7.6 - Denial of Service via NRF Registry Deletion
CVSS 7.5
CVE-2025-59530 HIGH
quic-go < 0.49.0, 0.54.1 - Unauthenticated Denial of Service via Premature HANDSHAKE_DONE Frame
CVSS 7.5
CVE-2025-46149 MEDIUM
PyTorch 2.6.0-2.6.9 - Reachable Assertion in nn.Fold with Inductor
CVSS 5.3
CVE-2025-39803 HIGH
Linux Kernel 6.13-6.16.3 - Reachable Assertion in UFS UIC Command Completion Handler
CVSS 7.8
CVE-2025-39801 MEDIUM
Linux Kernel 3.2-6.16.4 - DoS via Endpoint Command Timeout
CVSS 5.5
CVE-2025-39768 MEDIUM
Linux Kernel 6.16-6.16.3 - Reachable Assertion in Complex Rules Rehash Logic
CVSS 5.5