Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-36512

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-22 Jul, 2025 | 15:26
Updated At-23 Jul, 2025 | 15:21
Rejected At-
Credits

A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:22 Jul, 2025 | 15:26
Updated At:23 Jul, 2025 | 15:21
Rejected At:
▼CVE Numbering Authority (CNA)

A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.

Affected Products
Vendor
Bloomberg
Product
Comdb2
Versions
Affected
  • 8.1
Problem Types
TypeCWE IDDescription
CWECWE-617CWE-617: Reachable Assertion
Type: CWE
CWE ID: CWE-617
Description: CWE-617: Reachable Assertion
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Discovered by a member of Cisco Talos.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200
N/A
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200
exploit
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:22 Jul, 2025 | 16:15
Updated At:22 Aug, 2025 | 16:18

A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
bloomberg
bloomberg
>>comdb2>>8.1
cpe:2.3:a:bloomberg:comdb2:8.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-617Secondarytalos-cna@cisco.com
CWE ID: CWE-617
Type: Secondary
Source: talos-cna@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200talos-cna@cisco.com
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Third Party Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200
Source: talos-cna@cisco.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

250Records found
CVE-2023-34194
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.40%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.

Action-Not Available
Vendor-tinyxml_projectn/a
Product-tinyxmln/a
CWE ID-CWE-617
Reachable Assertion
CVE-2023-32842
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.5||HIGH
EPSS-4.20% / 88.29%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848).

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6896mt6855mt6990nr17mt6873mt6893mt2735mt6886mt6983mt6891mt6298nr16mt6883mt6980dmt6297mt6813mt6835mt6880mt6875mt6889mt2737mt6985mt6890mt6833mt6885mt6989mt6877nr15mt6853mt6980mt6875tmt6895mt6897mt6815mt6895tmt6879MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990
CWE ID-CWE-617
Reachable Assertion
CVE-2023-32841
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.5||HIGH
EPSS-1.55% / 80.69%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:45
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846).

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6896mt6855mt6990nr17mt6873mt6893mt2735mt6886mt6983mt6891mt6298nr16mt6883mt6980dmt6297mt6813mt6835mt6880mt6875mt6889mt2737mt6985mt6890mt6833mt6885mt6989mt6877nr15mt6853mt6980mt6875tmt6895mt6897mt6815mt6895tmt6879MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990
CWE ID-CWE-617
Reachable Assertion
CVE-2023-33095
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in Multi-Mode Call Processor

Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6431qcm8550_firmwarewsa8845_firmwaresd865_5gwsa8832snapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwaresxr2130_firmwarewcd9370qca8081_firmwaresnapdragon_860_mobile_firmwaresnapdragon_x35_5g_modem-rfar8035_firmwareqca6696snapdragon_778g\+_5g_mobilesnapdragon_x70_modem-rf_firmwarewcd9340_firmwarewcd9341_firmwarewcd9395_firmwareqcn6024sd888_firmwareqcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700snapdragon_780g_5g_mobilesnapdragon_750g_5g_mobilesnapdragon_782g_mobile_firmwarewsa8815_firmwarewsa8832_firmwareqca8337_firmwareqca8337qca6426_firmwarewcd9395sg8275p_firmwareqcm6490_firmwaresnapdragon_690_5g_mobile_firmwaresm7250p_firmwarewcd9341qcm4490_firmwarewcd9390snapdragon_888\+_5g_mobile_firmwarewcn3950wsa8810_firmwarewsa8845h_firmwaresnapdragon_870_5g_mobile_firmwaresnapdragon_778g_5g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_690_5g_mobilefastconnect_6800_firmwaresnapdragon_778g\+_5g_mobile_firmwaresnapdragon_870_5g_mobileqcn6024_firmwaresm7250pqca6584auqcn6274_firmwaresd888qcc710snapdragon_xr2_5g_firmwarewcn6740snapdragon_768g_5g_mobilesnapdragon_780g_5g_mobile_firmwaresnapdragon_8_gen_3_mobile_firmwarefastconnect_6800qfw7114_firmware315_5g_iot_modem_firmwarefastconnect_7800_firmwarefastconnect_6900snapdragon_865_5g_mobile_firmwareqep8111qfw7114wcd9385_firmware315_5g_iot_modemqca6421fastconnect_6900_firmwarewcd9380wcd9360snapdragon_xr2_5gsnapdragon_x65_5g_modem-rfqcs4490wsa8845qca6421_firmwaresnapdragon_auto_5g_modem-rf_firmwarewsa8810snapdragon_888_5g_mobile_firmwarevideo_collaboration_vc3_platformqca6595ausnapdragon_888_5g_mobilesnapdragon_4_gen_1_mobile_firmwaresm7315_firmwarewsa8840sd855qcs8550_firmwaresnapdragon_782g_mobilesnapdragon_x35_5g_modem-rf_firmwareqca6431_firmwaresm7315snapdragon_8_gen_2_mobile_firmwaresnapdragon_x55_5g_modem-rfqfw7124_firmwareqca6698aq_firmwareqca6436_firmwaresnapdragon_4_gen_2_mobile_firmwaresnapdragon_888\+_5g_mobilewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_x55_5g_modem-rf_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobilesnapdragon_865\+_5g_mobileqep8111_firmwaresg8275psnapdragon_855\+_mobilewcd9370_firmwaresdx55_firmwaresnapdragon_765_5g_mobilesnapdragon_860_mobilesnapdragon_auto_5g_modem-rfqca6574asnapdragon_8\+_gen_2_mobilesxr2130qcm4490qca6174asnapdragon_x65_5g_modem-rf_firmwarewcd9340snapdragon_480\+_5g_mobile_firmwaresnapdragon_auto_5g_modem-rf_gen_2qca6174a_firmwareqcm6490sm7325psm8550p_firmwareqcm8550wcn3988qcs6490_firmwaresnapdragon_765_5g_mobile_firmwareqcn9024qca6584au_firmwaresd855_firmwareqcn6274qca6436qfw7124snapdragon_x70_modem-rfwsa8835qca6595au_firmwareqca6391_firmwarewsa8840_firmwaresnapdragon_855_mobile_firmwareqca6696_firmwareqcn9024_firmwaresdx57mwsa8845hwcd9380_firmwareqca8081wsa8815snapdragon_765g_5g_mobile_firmwarewsa8830sm8550psnapdragon_x75_5g_modem-rfsnapdragon_768g_5g_mobile_firmwarear8035qca6574a_firmwaresdx55snapdragon_4_gen_1_mobilesnapdragon_4_gen_2_mobilesnapdragon_865_5g_mobilesnapdragon_855\+_mobile_firmwarewcd9375_firmwareqca6391qcn6224snapdragon_865\+_5g_mobile_firmwareqca6698aqwcn3950_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sm7325p_firmwaresd865_5g_firmwarewcd9360_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375snapdragon_765g_5g_mobilewcn3988_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_8\+_gen_1_mobile_firmwaresnapdragon_x75_5g_modem-rf_firmwarewsa8835_firmwareqcs6490snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilesnapdragon_855_mobilesnapdragon_778g_5g_mobilefastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragonqca6574a_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwarewsa8832_firmwareqcs4490_firmwareqep8111_firmwareqca6431_firmwaresnapdragon_x35_5g_modem-rf_system_firmwaresdx57m_firmwareqca6696_firmwaresd888_firmwareqcn9024_firmwarewsa8835_firmwaresd855_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareqca8337_firmwaresm7325p_firmwarewcn3988_firmwarefastconnect_6700_firmwareqca6595au_firmwaresnapdragon_855_mobile_platform_firmwarewcd9390_firmwareqcm6490_firmwaresm8550p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqcs6490_firmwarefastconnect_6200_firmwarewcd9395_firmwareqcn6224_firmwaresnapdragon_888_5g_mobile_platform_firmwarewcd9375_firmwareqca6174a_firmwaresm7250p_firmwareqfw7124_firmwareqca6391_firmwaresm7315_firmwareqca6698aq_firmwaresnapdragon_x70_modem-rf_system_firmwareqca8081_firmwarefastconnect_6900_firmwarewcd9385_firmwarewcd9370_firmwarewsa8840_firmwaresxr2130_firmwarewcd9380_firmwareqca6584au_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwarefastconnect_7800_firmwarewcd9341_firmwarewsa8845h_firmwareqfw7114_firmwaresnapdragon_865_5g_mobile_platform_firmwareqcm8550_firmwarewsa8830_firmwarewcd9360_firmwaresg8275p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqca6436_firmwareqcn6274_firmwareqcm4490_firmwarequalcomm_video_collaboration_vc3_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcn3950_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewsa8815_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_690_5g_mobile_platform_firmwarewcd9340_firmwarear8035_firmwaresnapdragon_695_5g_mobile_platform_firmware315_5g_iot_modem_firmwarefastconnect_6800_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewsa8845_firmwaresd865_5g_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6426_firmwareqcc710_firmwaresdx55_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca6421_firmwarewcn6740_firmwareqcs8550_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2023-32844
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.5||HIGH
EPSS-4.20% / 88.29%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850).

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6896mt6855mt6990nr17mt6873mt6893mt2735mt6886mt6983mt6891mt6298nr16mt6883mt6980dmt6297mt6813mt6835mt6880mt6875mt6889mt2737mt6985mt6890mt6833mt6885mt6989mt6877nr15mt6853mt6980mt6875tmt6895mt6897mt6815mt6895tmt6879MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990
CWE ID-CWE-617
Reachable Assertion
CVE-2017-3139
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.64%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 17:07
Updated-05 Aug, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_server_eusBIND
CWE ID-CWE-617
Reachable Assertion
CVE-2019-25037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.56%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 05:17
Updated-19 Nov, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Action-Not Available
Vendor-nlnetlabsn/aDebian GNU/Linux
Product-unbounddebian_linuxn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2024-8768
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.94%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 16:20
Updated-27 Aug, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vllm: a completions api request with an empty prompt will crash the vllm api server.

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux AI (RHEL AI)
CWE ID-CWE-617
Reachable Assertion
CVE-2022-48363
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.74%
||
7 Day CHG~0.00%
Published-26 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-automotive_grade_linuxn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2022-47516
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.66%
||
7 Day CHG~0.00%
Published-18 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion.

Action-Not Available
Vendor-drachtion/a
Product-drachtio-servern/a
CWE ID-CWE-617
Reachable Assertion
CVE-2019-25041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.56%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 05:16
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Action-Not Available
Vendor-nlnetlabsn/aDebian GNU/Linux
Product-unbounddebian_linuxn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2019-25036
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 75.16%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 05:17
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Action-Not Available
Vendor-nlnetlabsn/aDebian GNU/Linux
Product-unbounddebian_linuxn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2024-53856
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.50%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 15:24
Updated-09 Dec, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rPGP Panics on Malformed Untrusted Input

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

Action-Not Available
Vendor-rpgp
Product-rpgp
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-148
Improper Neutralization of Input Leaders
CWE ID-CWE-617
Reachable Assertion
CVE-2024-45396
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.39%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 14:36
Updated-12 Nov, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quicly assertion failures

Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c.

Action-Not Available
Vendor-denah2oh2o_project
Product-quiclyquiclyquicly
CWE ID-CWE-617
Reachable Assertion
CVE-2024-42644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.48%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 00:00
Updated-06 Aug, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater than 0.

Action-Not Available
Vendor-flashmqn/a
Product-flashmqn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2022-41893
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.14% / 34.76%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK_EQ` fail in `tf.raw_ops.TensorListResize` in Tensorflow

TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-41901
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.19% / 40.61%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow

TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2022-41899
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow

TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2024-4076
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.57%
||
7 Day CHG~0.00%
Published-23 Jul, 2024 | 14:40
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Assertion failure when serving both stale cache data and authoritative zone content

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-BIND 9bind
CWE ID-CWE-617
Reachable Assertion
CVE-2022-3924
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.00%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 21:39
Updated-31 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota

This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-bindBIND 9
CWE ID-CWE-617
Reachable Assertion
CVE-2022-40508
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.16%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 05:08
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830315_5g_iot_modem_firmwareqca8337wcn785x-5qca6431_firmwarewcd9360_firmwaresm7250-ac_firmwareqca6595au_firmwareqca6390_firmwaresnapdragon_x70_modem-rf_systemwcd9370qca6426wcn685x-1sm7350-ab_firmwaresm8450sm4375wcn3998sm8250-abwcd9385_firmwareqcn6024_firmwaresm6375_firmwaresm7315_firmwaresnapdragon_x55_5g_modem-rf_systemqca6574au_firmwaresdx55_firmwareqca6595auwcn3998_firmwareqca8081_firmwarewcd9375_firmwaresm7250p_firmwarewcd9360qca6436_firmwaresm4350-acsnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_x70_modem-rf_system_firmwareqca6698aqsm8250_firmwaresm7250-ab_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemqca6421sm7250-aawsa8810_firmwaresm4375_firmwaresm8450_firmwareqca6436qca8081qca6698aq_firmwarewcn685x-1_firmwarewcd9385sm8150_firmwaresxr2130_firmwarewcd9341qca6431qca6696_firmwareqca6390ar8035sm4350_firmwareaqt1000wcd9375sm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm7225_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm8150wcn3988wsa8815_firmwarewsa8835_firmwaresm7350-absm8475wcn6750_firmwarewcn785x-1sm6375qca8337_firmwarewcd9380_firmwaresd865_5gsm8150-acsd888wsa8835snapdragon_7c\+_gen_3_computesnapdragon_auto_5g_modem-rfwcd9380sxr2130qca6574awcn685x-5_firmwarewcn6750sm7225sm7250-absd855wsa8815sdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwareqca6574a_firmwareqcn9024wcn785x-5_firmwaresm7315sm8250-ab_firmwareqca6391snapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_x50_5g_modem-rf_system_firmwareqca6421_firmwaresm6350aqt1000_firmwaresm8475_firmwarewcn6740_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemwcn685x-5sm6350_firmwarewcn785x-1_firmwareqca6574auqcn9024_firmwaresdx57mwcd9341_firmwarewsa8810sm7250-aa_firmwaresm7250-acsm8150-ac_firmwarewcn6740qca6696qca6391_firmwaresm4350wcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresnapdragon_x50_5g_modem-rf_systemsm8250qcn6024sm7250par8035_firmwareSnapdragonaqt1000_firmwarewcn6740_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca8337_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarewcd9380_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_x70_modem-rf_system_firmware315_5g_iot_modem_firmwarewsa8835_firmwareqca6431_firmwarefastconnect_6900_firmwaresnapdragon_x50_5g_modem-rf_system_firmwarewcd9360_firmwarewcn3988_firmwarefastconnect_6700_firmwareqcn9024_firmwarewsa8810_firmwarewcd9341_firmwarefastconnect_7800_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwaresnapdragon_480_5g_mobile_platform_firmwaresxr2130_firmwareqca6696_firmwareqca6391_firmwarewcd9385_firmwareqcn6024_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresd888_firmwarewsa8830_firmwaresdx57m_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewsa8815_firmwaresm7315_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwaresdx55_firmwaresnapdragon_695_5g_mobile_platform_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platform_firmwareqca8081_firmwarefastconnect_6800_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm7250p_firmwarewcd9375_firmwareqca6436_firmwarear8035_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6421_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2022-40538
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.54%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn685x-5_firmwareqca8337_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarewcd9380_firmwarewcn685x-1_firmwarewcn685x-1snapdragon_x70_modem-rf_system_firmwaresnapdragon_x65_5g_modem-rf_systemqca8337qcs8550wcn785x-5wcn685x-5qcn6024_firmwareqcs8550_firmwarear8035wcn785x-1_firmwareqcn6024qcn9024_firmwarewcd9380qcn9024qca8081_firmwaresnapdragon_x70_modem-rf_systemwcn785x-5_firmwareqca8081ar8035_firmwarewcn785x-1Snapdragonqca8337_firmwaresnapdragon_x65_5g_modem-rf_system_firmwarewcd9380_firmwareqcn9024_firmwaresnapdragon_x70_modem-rf_system_firmwarefastconnect_7800_firmwareqca8081_firmwareqcn6024_firmwarefastconnect_6900_firmwareqcs8550_firmwarear8035_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2024-34475
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.15%
||
7 Day CHG~0.00%
Published-04 May, 2024 | 00:00
Updated-22 Apr, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR.

Action-Not Available
Vendor-open5gsn/aopen5gs
Product-open5gsn/aopen5gs
CWE ID-CWE-617
Reachable Assertion
CVE-2022-40527
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.16%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 04:43
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in WLAN Embedded SW

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwarewsa8830qcn9070sxr2230p_firmwareqca8337ipq8173_firmwaresdx65qcn5124qca4024_firmwareqca8082qcn9072qca8386ipq8078aipq5028_firmwareqca6390_firmwareipq6000wcd9370ssg2115pqcn5152_firmwareqca6426qcn9000_firmwareipq5018wcd9385_firmwareipq8076aqca8386_firmwareqcn6024_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareipq8074aqcn5124_firmwareqcn6100_firmwareqcn6102_firmwareqca8082_firmwaresm7315_firmwarewcn7850qcn5164_firmwareqcn5122_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwareqca6436_firmwareqcn9002ipq5010sd778gipq8070_firmwareipq8078a_firmwareqcn9274ipq8174qcn9001qcs6490ipq5028wcn7851qcn5052ipq6010qcn6112_firmwareqcn9074qca8085sd778g_firmwaresdx65mqcn6132wsa8810_firmwareqca6436wcn6851qca8081wcn7851_firmwareipq8071aqcn6023sdx65m_firmwareipq8071a_firmwarewcd9385qca8085_firmwareqca9888_firmwareqcn6122qcs6490_firmwaresd870_firmwareipq9008_firmwareqcn5154_firmwarear8035csr8811qca6390wcd9375qcn9100_firmwarewsa8830_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresm8475qcn5022_firmwarewcn6750_firmwareqca8072ipq5018_firmwareqca8337_firmwarewcd9380_firmwaressg2125pqcn9000ipq8072aipq8076a_firmwaresd865_5gipq8078qca8084qcn9001_firmwareipq8173wcn6856_firmwareipq9008qcn9012qcn5164qcn6122_firmwarewsa8835sxr1230p_firmwarecsr8811_firmwarewcd9380sd888_5gqcn5054_firmwareqcn5154qca8075_firmwaressg2125p_firmwareqcn5024wcn6855_firmwareqca9889sm7325pqcn6132_firmwareqcn9003_firmwaresxr1230pqca9888qca8072_firmwareqcn9012_firmwareqcn5052_firmwareqcn9274_firmwareqcn9003ipq8070a_firmwarewcn6750ipq6018_firmwareipq8076_firmwarewsa8815sm7325p_firmwarewcn6850pmp8074_firmwareqcn6112ipq8076sxr2230pqca6426_firmwareqcn5021ipq6028qcn5152qcn9024pmp8074ipq9574_firmwaresm7315qca6391wcn6740_firmwareqcn6102qcn9100sdx65_firmwareqcm6490_firmwareipq8078_firmwarewsa8832_firmwareqcn5054qcn9070_firmwarewcn6851_firmwareipq8070ipq6028_firmwareipq8072a_firmwareqca9889_firmwareipq9574qcn5122qcn9024_firmwareipq8174_firmwarewsa8810sd870wsa8832wcn6855wcn6856ipq6018qcn5022ipq6010_firmwarewcn6740qca6391_firmwareqca4024wcd9370_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022ipq8070aqcn9002_firmwareqcn6100qcn9072_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwarear8035_firmwareSnapdragonqcn5024_firmwareipq5018_firmwareqca8337_firmwarewcd9380_firmwaresxr2230p_firmwareipq8076a_firmwareipq8173_firmwareqcn9001_firmwarewcn6856_firmwareqca4024_firmwareqcn6122_firmwaresxr1230p_firmwarecsr8811_firmwareipq5028_firmwareqca6390_firmwareqcn5054_firmwareqca8075_firmwaressg2125p_firmwarewcn6855_firmwareqcn5152_firmwareqcn6132_firmwareqcn9003_firmwareqca8072_firmwareqcn9000_firmwareqcn9012_firmwareqcn5052_firmwareqcn9274_firmwareipq8070a_firmwarewcd9385_firmwareqcn6024_firmwareqca8386_firmwareipq8076_firmwareipq6018_firmwaresd_8_gen1_5g_firmwareqca8084_firmwaresm7325p_firmwarepmp8074_firmwareqcn5124_firmwareqcn6100_firmwareqcn6102_firmwareqca6426_firmwaresm7315_firmwareqca8082_firmwareqcn5164_firmwareqcn5122_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwareipq9574_firmwareqca6436_firmwarewcn6740_firmwareipq8070_firmwaresdx65_firmwareipq8078a_firmwareqcm6490_firmwareipq8078_firmwarewsa8832_firmwareqcn9070_firmwarewcn6851_firmwareipq6028_firmwareipq8072a_firmwareqcn6112_firmwareqca9889_firmwaresd778g_firmwareqcn9024_firmwareipq8174_firmwarewsa8810_firmwarewcn7851_firmwaresdx65m_firmwareipq8071a_firmwareqca8085_firmwareqca9888_firmwareipq6010_firmwareqcs6490_firmwaresd870_firmwareipq9008_firmwareqca6391_firmwareqcn5154_firmwarewcd9370_firmwareqcn9100_firmwareqcn9022_firmwareqcn5021_firmwarewsa8830_firmwaresd865_5g_firmwareqcn9002_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwareqcn9072_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwareqcn5022_firmwarewcn6750_firmwarear8035_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2022-40504
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.16%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 07:30
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable assertion in Modem

Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarefsm10055sm7325-ae_firmwaresa6150p_firmwaresm6250p_firmwareqcs610315_5g_iot_modem_firmwareqca8337qca6431_firmwarewcd9360_firmwarewcn3950_firmwaresc8180x\+sdx55sa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155snapdragon_x70_modem-rf_systemqca6335sdm712sdm670sm8350sd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwareapq5053-aa_firmwarewcn685x-1qcs400_firmwaresm7350-ab_firmwaresm4375wcn3998sc8180xp-adwcd9371_firmwarewcn3950qcn6024_firmwaresm6375_firmwarewcn3660bsm7150-acsd460_firmwaresm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aasnapdragon_636_mobile_platformwcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adqca6420wcd9360snapdragon_auto_5g_modem-rf_firmware8909sdm450sm6225-ad_firmwareqca6698aqqcs6125sa8155_firmwaresd662_firmwaresm7250-ab_firmwareqca6430snapdragon_630_mobile_platform8905_firmwarewcd9340snapdragon_8cx_compute_platformsd626_firmwaresw5100qca64368953_firmwaresa6155pqcs603_firmwareqca6698aq_firmwarewcn685x-1_firmwarewcn3660_firmwaresm8150_firmwarewcd9341qca6431qca6696_firmwarewcd9371wcn3910_firmwaresm4350_firmwaresa8150psm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresm7225_firmwaresdm8508940snapdragon_7c\+_gen_3_compute_firmwaresd660_firmwarewcn3988sm4250-aa_firmwaresa8195p_firmwaresm8475wcn6750_firmwaresm6125_firmwarewcn3610sm6375sm6115_firmwareqca8337_firmwarewcd9380_firmwaresw5100psnapdragon_8cx_gen_2_5g_compute_platformsnapdragon_w5\+_gen_1_wearable_platformqca6564ausdm429sd670_firmwareapq8053-acsnapdragon_7c\+_gen_3_computewcd93808920_firmwareqcs410apq8053-ac_firmwaresm7150-aa_firmwaresc8180xp-ad_firmwaresd626qca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225qcm4325_firmwareqcs605wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910sdm429_firmwaresnapdragon_630_mobile_platform_firmwareqca6426_firmwaresm4450wcn3660b_firmwarewcn3680sc8180x-adqcn9024wcn3980_firmwaresd730snapdragon_x50_5g_modem-rf_system_firmwaresc7180-ac_firmwaresm7150-aaqca6421_firmwaresm6350sm8475_firmwarewcn6740_firmwaresm7125snapdragon_8cx_compute_platform_firmwareqcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemwcn3680_firmwaresm7150-ab_firmwaresm8350_firmwareqcs603sdm660sm6350_firmwarewcn785x-1_firmwaresdm710sd670qcn9024_firmwaresdx57mqcm4290_firmwaresnapdragon_x24_lte_modemwsa8832sw5100p_firmwareqcs610_firmwaresa6145pqcs4490sdm439_firmwaresa8145pqca6391_firmwarewcd9370_firmwareqm215_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psd675snapdragon_x20_lte_modemwcn3660ar8035_firmwareqcm2290snapdragon_632_mobile_platformsdm845_firmwarewsa8830sa8145p_firmwaresm6125sdm712_firmwaresnapdragon_x24_lte_modem_firmwareqcs2290_firmwaresdm450_firmwarewcn785x-5csrb31024csra6620fsm10055_firmwaresm7250-ac_firmwareqcs4290snapdragon_x20_lte_modem_firmwareqca6420_firmwaresc7180-acqca6390_firmwaresnapdragon_auto_4g_modem_firmwaresd730_firmwarewcd93708920sd675_firmwaresm6115qca6426wcn3990_firmwaresm8450qca9377sm8250-abwcd9385_firmwarewcd9326_firmwarewcn3615_firmwaresd662sm7325-afsa8155snapdragon_x55_5g_modem-rf_systemwcn3680b_firmwaresdx55_firmwaresda\/sdm845_firmware8917_firmwarewcn3615qca6595ausm7325-af_firmwaresm7250p_firmware8953wcn3610_firmwareqca6436_firmwaresm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6564au_firmwaresa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwareapq8053-aa_firmwaresm6225snapdragon_x70_modem-rf_system_firmwareqcs6490sm8250_firmwaresm8250-acwcn3988_firmware315_5g_iot_modemsa6145p_firmwareqm215qca6421sm7250-aasm6250sa8195psxr1120sdm710_firmwareapq8017_firmwarewsa8810_firmwaresm4375_firmwaresm8450_firmwaresc7180-adwcd9326wcd9335sg4150pqca8081qcm44908917apq8053-aaqca6174a_firmwareqcs4290_firmwarewcd9385sxr2130_firmwareqcs6490_firmwaresm7150-abqca6390wcd9375ar8035aqt1000sda\/sdm8458909_firmwaresc8180x\+sdx55_firmwaresm6250_firmwaresm6150_firmwaresm8150wsa8815_firmwareqcm6490wsa8835_firmwaresnapdragon_636_mobile_platform_firmwaresm7350-abapq8017sxr1120_firmwaresg4150p_firmwarewcn785x-1qcm6125_firmwareqcm4325qcm2290_firmwareapq5053-aawcn3990sd_675sdm845sd865_5g8953prosm8350-ac_firmwaresdm439sm8150-acsd888sm6150wsa8835sc7180-ad_firmwaresnapdragon_auto_5g_modem-rfsm6250psxr2130qca6574awcn685x-5_firmwareqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresm7250-absd855sm7325p_firmwaresdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmware8940_firmware8953pro_firmwarewcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwaresd460qca6391sm8250-ab_firmwareaqt1000_firmwaresdm850_firmwareqcm4490_firmwaresnapdragon_auto_4g_modemsnapdragon_632_mobile_platform_firmwareqcm4290csrb31024_firmwareqcm6490_firmwarewsa8832_firmwaresnapdragon_xr1_platformwcn685x-5sd_455sm6225_firmwareqca6574ausa8155p_firmwarewcd9341_firmwareqcm6125wsa8810sm7250-aa_firmware8905sm7250-acsm8150-ac_firmwarewcn3680bsm8350-acwcn6740qca6696sm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsa6150pqcn6024sc8180x-ad_firmwaresm7250psw5100_firmwareqcs410_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_firmwareqcs400sdm660_firmwaresnapdragon_xr1_platform_firmwaresm7325_firmwareSnapdragon
CWE ID-CWE-617
Reachable Assertion
CVE-2024-10455
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.53%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 13:30
Updated-07 Aug, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in µD3TN

Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block

Action-Not Available
Vendor-d3tnD3TNd3tn
Product-ud3tnµD3TNud3tn
CWE ID-CWE-617
Reachable Assertion
CVE-2023-24843
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in Modem

Transient DOS in Modem while triggering a camping on an 5G cell.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6431sd865_5gsxr2130_firmwarewcd9370qca8081_firmwarear8035_firmwareqca6696sm7250-absnapdragon_888_5g_mobile_platformwcd9341_firmwaresm8250-ab_firmwareqcn6024qca6426wcn6740_firmwarefastconnect_6700sm7325-af_firmwarewsa8815_firmwaresm7325-ae_firmwaresm8250-abqca8337_firmwareqca8337qca6426_firmwareqcm6490_firmwaresm8350-ac_firmwaresm7250p_firmwarewcd9341snapdragon_855_mobile_platformwsa8810_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_780g_5g_mobile_platformfastconnect_6800_firmwaresm8150-acqcn6024_firmwaresm7250psnapdragon_695_5g_mobile_platformsnapdragon_780g_5g_mobile_platform_firmwarewcn6740sm7250-aa_firmwaresnapdragon_695_5g_mobile_platform_firmwarefastconnect_6800315_5g_iot_modem_firmwaresm8250-acfastconnect_7800_firmwarefastconnect_6900wcd9385_firmware315_5g_iot_modemqca6421fastconnect_6900_firmwaresnapdragon_x55_5g_modem-rf_systemwcd9380snapdragon_888_5g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwarewcd9360snapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platformqca6421_firmwaresnapdragon_auto_5g_modem-rf_firmwarewsa8810sm4350-acsm8350-acvideo_collaboration_vc3_platformqca6595ausnapdragon_865_5g_mobile_platform_firmwaresd855qca6431_firmwarewcd9385qca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwaresm8250-ac_firmwaresnapdragon_690_5g_mobile_platformwcd9370_firmwaresdx55_firmwaresnapdragon_auto_5g_modem-rfsnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm7250-ab_firmwareqca6574asm7325-aesxr2130sm7325pqcm6490sm8150-ac_firmwaresnapdragon_855_mobile_platform_firmwarewcn3988qcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemqcn9024sd855_firmwareqca6436snapdragon_480_5g_mobile_platform_firmwaresm7325-afwsa8835qca6595au_firmwareqca6391_firmwareqca6696_firmwareqcn9024_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwarefastconnect_6200_firmwaresm7250-aaqca8081wsa8815wsa8830snapdragon_8\+_gen_1_mobile_platform_firmwarear8035qca6574a_firmwaresdx55wcd9375_firmwareqca6391snapdragon_778g_5g_mobile_platform_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_8_gen_1_mobile_platformsm7250-acfastconnect_6200fastconnect_7800sm7325p_firmwaresd865_5g_firmwarewcd9360_firmwarewcd9375wcn3988_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresm4350-ac_firmwarewsa8835_firmwareqcs6490sm7250-ac_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platformwsa8830_firmwareSnapdragonwcn6740_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca8337_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platform_firmwarewcd9380_firmware315_5g_iot_modem_firmwareqcm6490_firmwareqca6431_firmwarefastconnect_6900_firmwarewcd9360_firmwarewcn3988_firmwarefastconnect_6700_firmwareqcn9024_firmwarewsa8810_firmwaresnapdragon_888_5g_mobile_platform_firmwarewcd9341_firmwarefastconnect_7800_firmwareqca6595au_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwaresxr2130_firmwareqca6696_firmwareqcs6490_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6391_firmwarewcd9385_firmwareqcn6024_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresm7325p_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewsa8815_firmwarewsa8835_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_695_5g_mobile_platform_firmwaresdx55_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platform_firmwarewcd9375_firmwareqca8081_firmwarefastconnect_6800_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm7250p_firmwareqca6436_firmwarear8035_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6421_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.37%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 00:00
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.

Action-Not Available
Vendor-frroutingn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorafrroutingn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35941
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 49.48%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 19:45
Updated-23 Apr, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` failure in `AvgPoolOp` in Tensorflow

TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35989
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 43.22%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 21:35
Updated-23 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `MaxPool` in TensorFlow

TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35960
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.28% / 50.80%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 20:00
Updated-23 Apr, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` failure in `TensorListReserve` in TensorFlow

TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35968
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 43.84%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 20:40
Updated-23 Apr, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `AvgPoolGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36018
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 44.06%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:05
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `RaggedTensorToVariant` in TensorFlow

TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36003
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 42.51%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:10
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `RandomPoissonV2` in TensorFlow

TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36019
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 44.06%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:05
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel` in TensorFlow

TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35997
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.80%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:15
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `tf.sparse.cross` in TensorFlow

TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35984
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 44.06%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 21:40
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `ParameterizedTruncatedNormal` in TensorFlow

TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36012
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 50.44%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:55
Updated-23 Apr, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Assertion fail on MLIR empty edge names in TensorFlow

TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35981
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 44.06%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 21:15
Updated-23 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `FractionalMaxPoolGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35971
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.19% / 41.56%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 20:50
Updated-23 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `FakeQuantWithMinMaxVars` in TensorFlow

TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35999
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 42.51%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:15
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `Conv2DBackpropInput` in TensorFlow

TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36002
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 42.51%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:10
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `Unbatch` in TensorFlow

TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36026
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 44.06%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:05
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `QuantizeAndDequantizeV3` in TensorFlow

TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35990
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 43.22%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:00
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient` in TensorFlow

TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35998
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.26% / 49.11%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:15
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `EmptyTensorList` in TensorFlow

TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35994
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 29.91%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:20
Updated-23 Apr, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `CollectiveGather` in TensorFlow

TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36005
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:10
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `FakeQuantWithMinMaxVarsGradient` in TensorFlow

TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-36016
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 50.44%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:10
Updated-23 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` in TensorFlow

TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-35985
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 44.06%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 21:40
Updated-23 Apr, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail in `LRNGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-617
Reachable Assertion
CVE-2022-3488
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-10.10% / 92.80%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 21:37
Updated-01 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-bindBIND 9
CWE ID-CWE-617
Reachable Assertion
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found