Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-13746

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Aug, 2017 | 06:00
Updated At-05 Aug, 2024 | 19:05
Rejected At-
Credits

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Aug, 2017 | 06:00
Updated At:05 Aug, 2024 | 19:05
Rejected At:
▼CVE Numbering Authority (CNA)

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/100514
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=1485286
x_refsource_MISC
https://security.gentoo.org/glsa/201908-03
vendor-advisory
x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
vendor-advisory
x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/bid/100514
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1485286
Resource:
x_refsource_MISC
Hyperlink: https://security.gentoo.org/glsa/201908-03
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
Resource:
vendor-advisory
x_refsource_FEDORA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/100514
vdb-entry
x_refsource_BID
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1485286
x_refsource_MISC
x_transferred
https://security.gentoo.org/glsa/201908-03
vendor-advisory
x_refsource_GENTOO
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/100514
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1485286
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201908-03
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Aug, 2017 | 06:29
Updated At:13 May, 2026 | 00:24

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

JasPer
jasper_project
>>jasper>>2.0.12
cpe:2.3:a:jasper_project:jasper:2.0.12:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-617Primarynvd@nist.gov
CWE ID: CWE-617
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/100514cve@mitre.org
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1485286cve@mitre.org
Exploit
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/cve@mitre.org
N/A
https://security.gentoo.org/glsa/201908-03cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/100514af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1485286af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201908-03af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/100514
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1485286
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201908-03
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/100514
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1485286
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ALB4SXHURLVWKAOKYRNJXPABW3M22M/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPOVZTSIQPW2H4AFLMI3LHJEZGBVEQET/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201908-03
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

943Records found

CVE-2022-36440
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.62% / 73.21%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 00:00
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.

Action-Not Available
Vendor-frroutingn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorafrroutingn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2022-32082
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.84% / 76.39%
||
7 Day CHG+0.35%
Published-01 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

Action-Not Available
Vendor-n/aMariaDB FoundationFedora Project
Product-mariadbfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2024-31744
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.01%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.

Action-Not Available
Vendor-n/aJasPer
Product-n/ajasper
CWE ID-CWE-617
Reachable Assertion
CVE-2019-10894
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.59% / 91.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 03:50
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxCanonical Ltd.Fedora ProjectopenSUSE
Product-ubuntu_linuxdebian_linuxfedorawiresharkleapn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2016-9399
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.76% / 88.57%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Action-Not Available
Vendor-n/aJasPeropenSUSEFedora Project
Product-leapjasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2023-5679
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.23% / 65.32%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 14:05
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution

A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.NetApp, Inc.Fedora Project
Product-active_iq_unified_managerbindfedoraBIND 9
CWE ID-CWE-617
Reachable Assertion
CVE-2023-5517
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.23% / 65.32%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 14:04
Updated-13 Feb, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled

A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Action-Not Available
Vendor-Fedora ProjectNetApp, Inc.Internet Systems Consortium, Inc.
Product-bindactive_iq_unified_managerfedoraBIND 9bind_9
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13747
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.59% / 88.03%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2021-45290
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.49%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:25
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.

Action-Not Available
Vendor-webassemblyn/aFedora Project
Product-binaryenfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2021-3531
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.43% / 82.20%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora Project
Product-ceph_storagecephfedoraceph
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2023-4236
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-2.15% / 79.90%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 12:32
Updated-13 Feb, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
named may terminate unexpectedly under high DNS-over-TLS query load

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.

Action-Not Available
Vendor-NetApp, Inc.Internet Systems Consortium, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxh500sh410s_firmwarefedorah300s_firmwareh500s_firmwareh700s_firmwareh410c_firmwareh410sbindh410ch300sh700sBIND 9
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13752
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.62% / 88.12%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13749
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.59% / 88.03%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13745
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.87% / 88.92%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.

Action-Not Available
Vendor-n/aJasPer
Product-jaspern/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13750
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.67% / 88.29%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13751
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.62% / 88.12%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2016-9397
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.59% / 88.02%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2016-9398
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.98% / 92.42%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Action-Not Available
Vendor-n/aJasPeropenSUSESUSEFedora Project
Product-linux_enterprise_desktopjasperleaplinux_enterprise_serverfedoralinux_enterprise_software_development_kitn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2020-8623
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-6.35% / 92.79%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 20:50
Updated-17 Sep, 2024 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxopenSUSEInternet Systems Consortium, Inc.NetApp, Inc.Fedora ProjectSynology, Inc.
Product-ubuntu_linuxdns_serverdebian_linuxfedorabindleapsteelstore_cloud_integrated_storageBIND9
CWE ID-CWE-617
Reachable Assertion
CVE-2023-2156
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.13% / 92.58%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 00:00
Updated-02 Aug, 2024 | 06:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxlinux_kernelfedoraenterprise_linuxLinux kernel (RPL protocol)
CWE ID-CWE-617
Reachable Assertion
CVE-2021-28543
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-1.49% / 71.06%
||
7 Day CHG~0.00%
Published-16 Mar, 2021 | 14:43
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

Action-Not Available
Vendor-varnish-cachen/aFedora Project
Product-varnish-modulesfedoravarnish-modules_klarlackn/a
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-28090
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.10% / 79.40%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 04:19
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

Action-Not Available
Vendor-torprojectn/aFedora Project
Product-torfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2021-25215
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-11.30% / 95.44%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 00:55
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.Debian GNU/LinuxNetApp, Inc.Oracle CorporationSiemens AGFedora Project
Product-h300e500f_firmwarea250_firmwareh500scloud_backuptekelec_platform_distributionh300s_firmwareactive_iq_unified_managerh410sh300sh300e_firmwaresinec_infrastructure_network_services500fdebian_linuxh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwarea250h700ebindh700e_firmwareh700sBIND9
CWE ID-CWE-617
Reachable Assertion
CVE-2021-25218
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-3.56% / 87.92%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 18:20
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use

In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.

Action-Not Available
Vendor-Fedora ProjectInternet Systems Consortium, Inc.
Product-bindfedoraBIND9
CWE ID-CWE-617
Reachable Assertion
CVE-2020-8617
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-93.42% / 99.83%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 14:05
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

Action-Not Available
Vendor-Debian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectInternet Systems Consortium, Inc.
Product-ubuntu_linuxdebian_linuxfedorabindleapBIND9
CWE ID-CWE-617
Reachable Assertion
CVE-2020-27638
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.33% / 81.49%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 12:27
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

Action-Not Available
Vendor-fastd_projectn/aDebian GNU/LinuxFedora Project
Product-fastddebian_linuxfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2020-25710
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.67% / 83.89%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 10:20
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-openldapn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-debian_linuxjboss_enterprise_web_serverfedoraenterprise_linuxopenldapjboss_enterprise_application_platformjboss_core_servicesopenldap
CWE ID-CWE-617
Reachable Assertion
CVE-2020-3481
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.20% / 86.59%
||
7 Day CHG~0.00%
Published-20 Jul, 2020 | 17:45
Updated-13 Nov, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Software Null Pointer Dereference Vulnerability

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectClamAVCanonical Ltd.Cisco Systems, Inc.
Product-ubuntu_linuxclamavdebian_linuxfedoraClamAV
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-16159
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.15% / 86.38%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 14:34
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.

Action-Not Available
Vendor-nicn/aDebian GNU/LinuxopenSUSEFedora Project
Product-birdbackports_sledebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-0477
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5||MEDIUM
EPSS-3.58% / 88.00%
||
7 Day CHG~0.00%
Published-03 Jul, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.

Action-Not Available
Vendor-email\n/aFedora Project
Product-\fedoran/a
CVE-2019-16163
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.75% / 84.42%
||
7 Day CHG-0.08%
Published-09 Sep, 2019 | 15:38
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

Action-Not Available
Vendor-oniguruma_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxonigurumadebian_linuxfedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2013-6370
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.47% / 90.29%
||
7 Day CHG~0.00%
Published-21 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-json-cn/aFedora Project
Product-json-cfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-4379
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.35% / 92.79%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora Project
Product-fedoralinux_kernelLinux kernel
CWE ID-CWE-416
Use After Free
CVE-2022-43680
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.24% / 80.70%
||
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Action-Not Available
Vendor-libexpat_projectn/aNetApp, Inc.Debian GNU/LinuxFedora Project
Product-active_iq_unified_managerh500shci_compute_nodeh700sh410cdebian_linuxh300s_firmwareh300sh500s_firmwareh410s_firmwareoncommand_workflow_automationh410c_firmwareh410shci_compute_node_firmwareh700s_firmwarelibexpatfedorasolidfire_\&_hci_management_noden/a
CWE ID-CWE-416
Use After Free
CVE-2020-26419
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-2.78% / 84.65%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 17:17
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationFedora Project
Product-wiresharkfedorazfs_storage_appliance_kitWireshark
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2013-7488
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.16% / 89.64%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 17:35
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.

Action-Not Available
Vendor-convert\n/aFedora Project
Product-\fedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-26418
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-2.96% / 85.56%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 17:27
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxzfs_storage_appliance_kitfedoraWireshark
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2013-4283
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.43% / 82.22%
||
7 Day CHG~0.00%
Published-10 Sep, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

Action-Not Available
Vendor-n/aFedora Project
Product-389_directory_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4357
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.23% / 86.70%
||
7 Day CHG~0.00%
Published-31 Dec, 2019 | 18:34
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

Action-Not Available
Vendor-eglibceglibcDebian GNU/LinuxFedora ProjectNovellCanonical Ltd.
Product-ubuntu_linuxdebian_linuxfedorasuse_linux_enterprise_servereglibceglibc
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2013-4124
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-69.01% / 99.27%
||
7 Day CHG~0.00%
Published-05 Aug, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESambaRed Hat, Inc.Fedora Project
Product-ubuntu_linuxopensusefedorasambaenterprise_linuxn/a
CVE-2020-24370
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.83% / 88.82%
||
7 Day CHG-0.03%
Published-17 Aug, 2020 | 00:00
Updated-05 May, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

Action-Not Available
Vendor-luan/aDebian GNU/LinuxFedora Project
Product-luadebian_linuxfedoran/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2020-19752
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.60% / 72.92%
||
7 Day CHG+0.05%
Published-07 Sep, 2021 | 19:42
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.

Action-Not Available
Vendor-lcdfn/aFedora Project
Product-fedoragifsiclen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-0211
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.93% / 89.09%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

Action-Not Available
Vendor-n/aFreeBSD FoundationCanonical Ltd.openSUSElibarchiveFedora Project
Product-ubuntu_linuxfreebsdlibarchivefedoraopensusen/a
CVE-2013-0312
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.73% / 84.28%
||
7 Day CHG~0.00%
Published-13 Mar, 2013 | 20:48
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.

Action-Not Available
Vendor-n/aFedora Project
Product-389_directory_servern/a
CVE-2022-40617
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.40%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 00:00
Updated-06 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Action-Not Available
Vendor-strongswanstormshieldn/aDebian GNU/LinuxFedora ProjectCanonical Ltd.
Product-fedorastrongswandebian_linuxubuntu_linuxstormshield_network_securityn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2013-0220
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.32% / 87.11%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.

Action-Not Available
Vendor-n/aFedora Project
Product-sssdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-35561
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-6.47% / 92.91%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkdebian_linuxgraalvmsnapmanagerhci_management_nodee-series_santricity_os_controlleractive_iq_unified_managere-series_santricity_storage_managerfedorae-series_santricity_web_servicesoncommand_workflow_automationsolidfiresantricity_unified_manageroncommand_insightJava SE JDK and JRE
CVE-2012-5645
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.25% / 89.85%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 19:57
Updated-06 Aug, 2024 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.

Action-Not Available
Vendor-freecivfreecivFedora Project
Product-fedorafreecivfreeciv
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-14040
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.85% / 76.60%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 19:22
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Action-Not Available
Vendor-n/aFedora ProjectGo
Product-textfedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-13962
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.01% / 85.78%
||
7 Day CHG~0.00%
Published-08 Jun, 2020 | 23:14
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)

Action-Not Available
Vendor-mumbleqtn/aopenSUSEFedora Project
Product-mumblefedoraqtleapn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found