Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-23350

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-05 Aug, 2024 | 14:21
Updated At-05 Aug, 2024 | 15:02
Rejected At-
Credits

Reachable Assertion in Multi Mode Call Processor

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:05 Aug, 2024 | 14:21
Updated At:05 Aug, 2024 | 15:02
Rejected At:
â–¼CVE Numbering Authority (CNA)
Reachable Assertion in Multi Mode Call Processor

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon
Platforms
  • Snapdragon Auto
  • Snapdragon Mobile
Default Status
unaffected
Versions
Affected
  • AR8035
  • FastConnect 6900
  • FastConnect 7800
  • QCA6174A
  • QCA6584AU
  • QCA6698AQ
  • QCA8081
  • QCA8337
  • QCC710
  • QCN6224
  • QCN6274
  • QEP8111
  • QFW7114
  • QFW7124
  • Snapdragon 8 Gen 3 Mobile Platform
  • Snapdragon Auto 5G Modem-RF Gen 2
  • Snapdragon X35 5G Modem-RF System
  • Snapdragon X72 5G Modem-RF System
  • Snapdragon X75 5G Modem-RF System
  • WCD9340
  • WCD9390
  • WCD9395
  • WSA8840
  • WSA8845
  • WSA8845H
Problem Types
TypeCWE IDDescription
CWECWE-617CWE-617 Reachable Assertion
Type: CWE
CWE ID: CWE-617
Description: CWE-617 Reachable Assertion
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html
N/A
Hyperlink: https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
ar8035_firmware
CPEs
  • cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
fastconnect_6900_firmware
CPEs
  • cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
fastconnect_7800_firmware
CPEs
  • cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qca6174a_firmware
CPEs
  • cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qca6584au_firmware
CPEs
  • cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qca6698aq_firmware
CPEs
  • cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qca8081_firmware
CPEs
  • cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qca8337_firmware
CPEs
  • cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qcc710_firmware
CPEs
  • cpe:2.3:o:qualcomm:qcc710_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qcn6224_firmware
CPEs
  • cpe:2.3:o:qualcomm:qcn6224_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qcn6274_firmware
CPEs
  • cpe:2.3:o:qualcomm:qcn6274_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qep8111_firmware
CPEs
  • cpe:2.3:o:qualcomm:qep8111_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qfw7114_firmware
CPEs
  • cpe:2.3:o:qualcomm:qfw7114_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
qfw7124_firmware
CPEs
  • cpe:2.3:o:qualcomm:qfw7124_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
snapdragon_8_gen_3_mobile_platform_firmware
CPEs
  • cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
snapdragon_auto_5g_modem-rf_gen_2_firmware
CPEs
  • cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
snapdragon_x35_5g_modem-rf_system_firmware
CPEs
  • cpe:2.3:o:qualcomm:snapdragon_x35_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
snapdragon_x72_5g_modem-rf_system_firmware
CPEs
  • cpe:2.3:o:qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
snapdragon_x75_5g_modem-rf_system_firmware
CPEs
  • cpe:2.3:o:qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
wcd9340_firmware
CPEs
  • cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
wcd9390_firmware
CPEs
  • cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
wcd9395_firmware
CPEs
  • cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
wsa8840_firmware
CPEs
  • cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
wsa8845_firmware
CPEs
  • cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Qualcomm Technologies, Inc.qualcomm
Product
wsa8845h_firmware
CPEs
  • cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:05 Aug, 2024 | 15:15
Updated At:26 Nov, 2024 | 15:48

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

Qualcomm Technologies, Inc.
qualcomm
>>wsa8845h_firmware>>-
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wsa8845h>>-
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wsa8845_firmware>>-
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wsa8845>>-
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wsa8840_firmware>>-
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wsa8840>>-
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wcd9395_firmware>>-
cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wcd9395>>-
cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wcd9390_firmware>>-
cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wcd9390>>-
cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wcd9340_firmware>>-
cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>wcd9340>>-
cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_x75_5g_modem-rf_system_firmware>>-
cpe:2.3:o:qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_x75_5g_modem-rf_system>>-
cpe:2.3:h:qualcomm:snapdragon_x75_5g_modem-rf_system:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_x72_5g_modem-rf_system_firmware>>-
cpe:2.3:o:qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_x72_5g_modem-rf_system>>-
cpe:2.3:h:qualcomm:snapdragon_x72_5g_modem-rf_system:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_x35_5g_modem-rf_system_firmware>>-
cpe:2.3:o:qualcomm:snapdragon_x35_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_x35_5g_modem-rf_system>>-
cpe:2.3:h:qualcomm:snapdragon_x35_5g_modem-rf_system:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_auto_5g_modem-rf_gen_2_firmware>>-
cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_auto_5g_modem-rf_gen_2>>-
cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf_gen_2:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_8_gen_3_mobile_platform_firmware>>-
cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>snapdragon_8_gen_3_mobile_platform>>-
cpe:2.3:h:qualcomm:snapdragon_8_gen_3_mobile_platform:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qfw7124_firmware>>-
cpe:2.3:o:qualcomm:qfw7124_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qfw7124>>-
cpe:2.3:h:qualcomm:qfw7124:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qfw7114_firmware>>-
cpe:2.3:o:qualcomm:qfw7114_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qfw7114>>-
cpe:2.3:h:qualcomm:qfw7114:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qep8111_firmware>>-
cpe:2.3:o:qualcomm:qep8111_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qep8111>>-
cpe:2.3:h:qualcomm:qep8111:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcn6274_firmware>>-
cpe:2.3:o:qualcomm:qcn6274_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcn6274>>-
cpe:2.3:h:qualcomm:qcn6274:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcn6224_firmware>>-
cpe:2.3:o:qualcomm:qcn6224_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcn6224>>-
cpe:2.3:h:qualcomm:qcn6224:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcc710_firmware>>-
cpe:2.3:o:qualcomm:qcc710_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qcc710>>-
cpe:2.3:h:qualcomm:qcc710:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca8337_firmware>>-
cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca8337>>-
cpe:2.3:h:qualcomm:qca8337:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca8081_firmware>>-
cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca8081>>-
cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6698aq_firmware>>-
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6698aq>>-
cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584au_firmware>>-
cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584au>>-
cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a_firmware>>-
cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a>>-
cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>fastconnect_7800_firmware>>-
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>fastconnect_7800>>-
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>fastconnect_6900_firmware>>-
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>fastconnect_6900>>-
cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>ar8035_firmware>>-
cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>ar8035>>-
cpe:2.3:h:qualcomm:ar8035:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-617Secondaryproduct-security@qualcomm.com
CWE-617Primarynvd@nist.gov
CWE ID: CWE-617
Type: Secondary
Source: product-security@qualcomm.com
CWE ID: CWE-617
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.htmlproduct-security@qualcomm.com
Vendor Advisory
Hyperlink: https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

108Records found

CVE-2023-44175
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.07%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 22:59
Updated-19 Sep, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of a specific genuine PIM packet causes RPD crash

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-617
Reachable Assertion
CVE-2021-3430
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 53.07%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 19:45
Updated-16 Sep, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ

Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-617
Reachable Assertion
CVE-2025-52964
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.26% / 17.23%
||
7 Day CHG~0.00%
Published-11 Jul, 2025 | 15:06
Updated-23 Jan, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured

A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition. For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer. This issue affects: Junos OS: * All versions before 21.4R3-S7, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-617
Reachable Assertion
CVE-2025-48020
Matching Score-4
Assigner-Yokogawa Group
ShareView Details
Matching Score-4
Assigner-Yokogawa Group
CVSS Score-6||MEDIUM
EPSS-0.23% / 13.63%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 04:54
Updated-02 Mar, 2026 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_vpvnet\/ip_interface_packageVnet/IP Interface Package
CWE ID-CWE-617
Reachable Assertion
CVE-2025-48019
Matching Score-4
Assigner-Yokogawa Group
ShareView Details
Matching Score-4
Assigner-Yokogawa Group
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.47%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 04:51
Updated-02 Mar, 2026 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_vpvnet\/ip_interface_packageVnet/IP Interface Package
CWE ID-CWE-617
Reachable Assertion
CVE-2020-1681
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 39.29%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 20:31
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of Service

Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolved
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-617
Reachable Assertion
CVE-2020-13595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 54.37%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 14:59
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.

Action-Not Available
Vendor-espressifn/a
Product-esp-idfesp32n/a
CWE ID-CWE-617
Reachable Assertion
CVE-2019-6473
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 52.00%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:22
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-keaKea
CWE ID-CWE-617
Reachable Assertion
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found