Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-50722

Summary
Assigner-libreswan
Assigner Org ID-d42dc95b-23f1-4e06-9076-20753a0fb0df
Published At-02 Jul, 2026 | 21:34
Updated At-02 Jul, 2026 | 21:34
Rejected At-
Credits

IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload

Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:libreswan
Assigner Org ID:d42dc95b-23f1-4e06-9076-20753a0fb0df
Published At:02 Jul, 2026 | 21:34
Updated At:02 Jul, 2026 | 21:34
Rejected At:
â–¼CVE Numbering Authority (CNA)
IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload

Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.

Affected Products
Vendor
The Libreswan Project
Product
libreswan
Collection URL
https://github.com/libreswan/libreswan
Package Name
libreswan
Repo
https://github.com/libreswan/libreswan
Program Routines
  • RSA_authenticate_hash_signature_pkcs1_1_5_rsa
Default Status
unaffected
Versions
Affected
  • From 0 through 5.3 (semver)
Unaffected
  • 5.3.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347: Improper Verification of Cryptographic Signature
CWECWE-617CWE-617: Reachable Assertion
Type: CWE
CWE ID: CWE-347
Description: CWE-347: Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-617
Description: CWE-617: Reachable Assertion
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
vendorSeverity
value:
MEDIUM
description:
Vendor-assessed severity: Medium. Authentication bypass requires weak RSA exponents (e=3) which have been disallowed by most cryptographic libraries for over a decade. DoS is mitigated by automatic daemon restart.
Impacts
CAPEC IDDescription
CAPEC-463Denial of Service via assertion failure in pluto daemon when processing malformed RSA PKCS#1 v1.5 AUTH payloads
CAPEC-473Authentication bypass via Bleichenbacher-style signature forgery when weak RSA exponents (e.g., e=3) are in use
CAPEC ID: CAPEC-463
Description: Denial of Service via assertion failure in pluto daemon when processing malformed RSA PKCS#1 v1.5 AUTH payloads
CAPEC ID: CAPEC-473
Description: Authentication bypass via Bleichenbacher-style signature forgery when weak RSA exponents (e.g., e=3) are in use
Solutions

Upgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at https://libreswan.org/security/CVE-2026-50722/

Configurations

Any server or client that accepts RSA-based IKEv2 connections via the default authby= settings is vulnerable to denial of service. Authentication bypass additionally requires the use of RSA keys with weak exponents (e=3). IKEv2 by default allows ECDSA, RSA-SSA-PSS, and RSA PKCS#1 1.5 as fallback due to Microsoft Windows not supporting RSASSA-PSS.

Workarounds

If Windows support is not needed, configure authby=ecdsa or authby=rsa-sha2 (or both via authby=ecdsa,rsa-sha2) to disallow the fallback of RSA PKCS#1 1.5. The leftauth= and rightauth= settings can be updated similarly if those are in use instead of authby.

Exploits

No known exploitation in the wild. The authentication bypass requires the target to use RSA keys with weak exponents (e=3), which have been disallowed by most cryptographic libraries for at least a decade. The denial-of-service attack is exploitable against any IKEv2 configuration using default authby= settings that permit RSA PKCS#1 v1.5 fallback.

Credits

finder
Yeonghyeon Choi
finder
Duyeong Kim
analyst
Andrew Cagney (The Libreswan Team)
Timeline
EventDate
Libreswan notified of the issue via security@libreswan.org2026-03-24 00:00:00
Advanced notice given to supported customers and distributions2026-06-16 00:00:00
Public announcement and release of libreswan 5.3.12026-06-24 00:00:00
Event: Libreswan notified of the issue via security@libreswan.org
Date: 2026-03-24 00:00:00
Event: Advanced notice given to supported customers and distributions
Date: 2026-06-16 00:00:00
Event: Public announcement and release of libreswan 5.3.1
Date: 2026-06-24 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt
vendor-advisory
https://libreswan.org/security/CVE-2026-50722/
patch
https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt
related
https://www.rfc-editor.org/rfc/rfc8017
technical-description
Hyperlink: https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt
Resource:
vendor-advisory
Hyperlink: https://libreswan.org/security/CVE-2026-50722/
Resource:
patch
Hyperlink: https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt
Resource:
related
Hyperlink: https://www.rfc-editor.org/rfc/rfc8017
Resource:
technical-description
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:d42dc95b-23f1-4e06-9076-20753a0fb0df
Published At:02 Jul, 2026 | 22:16
Updated At:02 Jul, 2026 | 22:16

Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-347Secondaryd42dc95b-23f1-4e06-9076-20753a0fb0df
CWE-617Secondaryd42dc95b-23f1-4e06-9076-20753a0fb0df
CWE ID: CWE-347
Type: Secondary
Source: d42dc95b-23f1-4e06-9076-20753a0fb0df
CWE ID: CWE-617
Type: Secondary
Source: d42dc95b-23f1-4e06-9076-20753a0fb0df
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txtd42dc95b-23f1-4e06-9076-20753a0fb0df
N/A
https://libreswan.org/security/CVE-2026-50722/d42dc95b-23f1-4e06-9076-20753a0fb0df
N/A
https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txtd42dc95b-23f1-4e06-9076-20753a0fb0df
N/A
https://www.rfc-editor.org/rfc/rfc8017d42dc95b-23f1-4e06-9076-20753a0fb0df
N/A
Hyperlink: https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt
Source: d42dc95b-23f1-4e06-9076-20753a0fb0df
Resource: N/A
Hyperlink: https://libreswan.org/security/CVE-2026-50722/
Source: d42dc95b-23f1-4e06-9076-20753a0fb0df
Resource: N/A
Hyperlink: https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt
Source: d42dc95b-23f1-4e06-9076-20753a0fb0df
Resource: N/A
Hyperlink: https://www.rfc-editor.org/rfc/rfc8017
Source: d42dc95b-23f1-4e06-9076-20753a0fb0df
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

310Records found

CVE-2026-37229
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.52%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 00:00
Updated-03 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 byte) over SCTP to the near-RT RIC (port 36421) or iApp (port 36422) to crash the process via SIGABRT. The assertion is reached before any protocol-level validation occurs. All three E2AP protocol versions (v1.01, v2.03, v3.01) are affected.

Action-Not Available
Vendor-mosaic5gn/a
Product-flexricn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2026-37233
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.29%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 00:00
Updated-03 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m0->xapp_id) instead of the other argument (m1->xapp_id), effectively ignoring the xApp identity dimension. A malicious xApp connected to the iApp (port 36422) can delete any other xApp's subscriptions by sending an E42_RIC_SUBSCRIPTION_DELETE_REQUEST with a matching ric_gen_id. This breaks multi-tenant isolation in any deployment with multiple xApps sharing the same RIC.

Action-Not Available
Vendor-mosaic5gn/a
Product-flexricn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2022-1183
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-4.53% / 90.39%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 09:55
Updated-17 Sep, 2024 | 04:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Destroying a TLS session early causes assertion failure

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

Action-Not Available
Vendor-NetApp, Inc.Internet Systems Consortium, Inc.
Product-h500sh410s_firmwareh700s_firmwareh410c_firmwareh300s_firmwareh500s_firmwareh410sbindh410ch300sh700sBIND9
CWE ID-CWE-617
Reachable Assertion
CVE-2022-0635
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.29% / 66.61%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 11:55
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

Action-Not Available
Vendor-NetApp, Inc.Internet Systems Consortium, Inc.
Product-h300eh500sh300s_firmwareh410c_firmwareh410sh300sh300e_firmwareh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareh700ebindh410ch700e_firmwareh700sBIND
CWE ID-CWE-617
Reachable Assertion
CVE-2018-16557
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.82% / 52.80%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-400_firmwaresimatic_s7-400simatic_s7-400_pn\/dp_v7simatic_s7-410_firmwaresimatic_s7-400h_firmwaresimatic_s7-410simatic_s7-400h SIMATIC S7-400 CPU 412-2 DP V7 SIMATIC S7-400 CPU 414F-3 PN/DP V7 SIMATIC S7-400 CPU 416-3 DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7 SIMATIC S7-400 CPU 416F-3 PN/DP V7 SIMATIC S7-400 CPU 416F-2 DP V7 SIMATIC S7-400 CPU 414-2 DP V7SIPLUS S7-400 CPU 416-3 V7SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SIMATIC S7-410 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 417-4 DP V7SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-2 DP V7 SIMATIC S7-400 CPU 414-3 PN/DP V7 SIMATIC S7-400 CPU 414-3 DP V7SIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-3 PN/DP V7SIPLUS S7-400 CPU 417-4 V7 SIMATIC S7-400 CPU 412-1 DP V7SIMATIC S7-400 CPU 412-2 PN V7
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-34063
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.21%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 19:40
Updated-24 Apr, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
network-libp2p: Peer can crash the node by opening discovery protocol substream twice

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer opens/negotiate the discovery protocol substream a second time on the same connection, the handler hits a `panic!(\"Inbound already connected\")` / `panic!(\"Outbound already connected\")` path instead of failing closed. This causes a remote crash of the networking task (swarm), taking the node's p2p networking offline until restart. The patch for this vulnerability is formally released as part of v1.3.0. No known workarounds are available.

Action-Not Available
Vendor-nimiqnimiq
Product-nimiq_proof-of-stakenetwork-libp2p
CWE ID-CWE-617
Reachable Assertion
CVE-2018-15822
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.27% / 86.88%
||
7 Day CHG~0.00%
Published-23 Aug, 2018 | 22:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxFFmpeg
Product-ubuntu_linuxffmpegdebian_linuxn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2021-45290
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.49%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:25
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.

Action-Not Available
Vendor-webassemblyn/aFedora Project
Product-binaryenfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2023-27783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.27%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2023-27789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.56%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-tcpreplayn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2021-40083
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.42% / 69.59%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 00:21
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).

Action-Not Available
Vendor-nicn/a
Product-knot_resolvern/a
CWE ID-CWE-617
Reachable Assertion
CVE-2023-49286
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-10.35% / 95.16%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 22:53
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Helper Process management

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Squid Cache
Product-squidsquid
CWE ID-CWE-253
Incorrect Check of Function Return Value
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-38385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.69% / 74.21%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2026-27623
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.32%
||
7 Day CHG+0.08%
Published-23 Feb, 2026 | 19:43
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Valkey has Pre-Authentication DOS from malformed RESP request

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking state after processing an empty request. A malicious actor can then send a request that the server incorrectly identifies as breaking server side invariants, which results in the server shutting down. Version 9.0.3 fixes the issue. As an additional mitigation, properly isolate Valkey deployments so that only trusted users have access.

Action-Not Available
Vendor-lfprojectsvalkey-ioRed Hat, Inc.
Product-valkeyvalkeyRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2026-27135
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.28%
||
7 Day CHG+0.22%
Published-18 Mar, 2026 | 17:59
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nghttp2 Denial of service: Assertion failure due to the missing state validation

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.

Action-Not Available
Vendor-nghttp2nghttp2Red Hat, Inc.
Product-nghttp2nghttp2Red Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Hardened ImagesRed Hat Enterprise Linux BaseOS AUS (v. 8.2)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux BaseOS (v. 10)Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.14Red Hat Update Infrastructure 5Red Hat Enterprise Linux BaseOS AUS (v.8.4)Middleware Containers for OpenShiftRed Hat JBoss Core Services on RHEL 8Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat OpenShift Container Platform 4.15Red Hat JBoss Core Services on RHEL 7 ServerRed Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat JBoss Core Services 2.4.62.SP4Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-617
Reachable Assertion
CVE-2023-4236
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-2.15% / 79.90%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 12:32
Updated-13 Feb, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
named may terminate unexpectedly under high DNS-over-TLS query load

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.

Action-Not Available
Vendor-NetApp, Inc.Internet Systems Consortium, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxh500sh410s_firmwarefedorah300s_firmwareh500s_firmwareh700s_firmwareh410c_firmwareh410sbindh410ch300sh700sBIND 9
CWE ID-CWE-617
Reachable Assertion
CVE-2021-33600
Matching Score-4
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-4
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.80%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 09:06
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.

Action-Not Available
Vendor-F-Secure Corporation
Product-internet_gatekeeperF-Secure Internet Gatekeeper
CWE ID-CWE-617
Reachable Assertion
CVE-2023-24843
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.30%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in Modem

Transient DOS in Modem while triggering a camping on an 5G cell.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6431sd865_5gsxr2130_firmwarewcd9370qca8081_firmwarear8035_firmwareqca6696sm7250-absnapdragon_888_5g_mobile_platformwcd9341_firmwaresm8250-ab_firmwareqcn6024qca6426wcn6740_firmwarefastconnect_6700sm7325-af_firmwarewsa8815_firmwaresm7325-ae_firmwaresm8250-abqca8337_firmwareqca8337qca6426_firmwareqcm6490_firmwaresm8350-ac_firmwaresm7250p_firmwarewcd9341snapdragon_855_mobile_platformwsa8810_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_780g_5g_mobile_platformfastconnect_6800_firmwaresm8150-acqcn6024_firmwaresm7250psnapdragon_695_5g_mobile_platformsnapdragon_780g_5g_mobile_platform_firmwarewcn6740sm7250-aa_firmwaresnapdragon_695_5g_mobile_platform_firmwarefastconnect_6800315_5g_iot_modem_firmwaresm8250-acfastconnect_7800_firmwarefastconnect_6900wcd9385_firmware315_5g_iot_modemqca6421fastconnect_6900_firmwaresnapdragon_x55_5g_modem-rf_systemwcd9380snapdragon_888_5g_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwarewcd9360snapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platformqca6421_firmwaresnapdragon_auto_5g_modem-rf_firmwarewsa8810sm4350-acsm8350-acvideo_collaboration_vc3_platformqca6595ausnapdragon_865_5g_mobile_platform_firmwaresd855qca6431_firmwarewcd9385qca6436_firmwaresnapdragon_8\+_gen_1_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwaresm8250-ac_firmwaresnapdragon_690_5g_mobile_platformwcd9370_firmwaresdx55_firmwaresnapdragon_auto_5g_modem-rfsnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm7250-ab_firmwareqca6574asm7325-aesxr2130sm7325pqcm6490sm8150-ac_firmwaresnapdragon_855_mobile_platform_firmwarewcn3988qcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemqcn9024sd855_firmwareqca6436snapdragon_480_5g_mobile_platform_firmwaresm7325-afwsa8835qca6595au_firmwareqca6391_firmwareqca6696_firmwareqcn9024_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwarefastconnect_6200_firmwaresm7250-aaqca8081wsa8815wsa8830snapdragon_8\+_gen_1_mobile_platform_firmwarear8035qca6574a_firmwaresdx55wcd9375_firmwareqca6391snapdragon_778g_5g_mobile_platform_firmwaresnapdragon_480_5g_mobile_platformsnapdragon_8_gen_1_mobile_platformsm7250-acfastconnect_6200fastconnect_7800sm7325p_firmwaresd865_5g_firmwarewcd9360_firmwarewcd9375wcn3988_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwaresm4350-ac_firmwarewsa8835_firmwareqcs6490sm7250-ac_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platformwsa8830_firmwareSnapdragonwcn6740_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca8337_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platform_firmwarewcd9380_firmware315_5g_iot_modem_firmwareqcm6490_firmwareqca6431_firmwarefastconnect_6900_firmwarewcd9360_firmwarewcn3988_firmwarefastconnect_6700_firmwareqcn9024_firmwarewsa8810_firmwaresnapdragon_888_5g_mobile_platform_firmwarewcd9341_firmwarefastconnect_7800_firmwareqca6595au_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwaresxr2130_firmwareqca6696_firmwareqcs6490_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqca6391_firmwarewcd9385_firmwareqcn6024_firmwaresnapdragon_855_mobile_platform_firmwarewcd9370_firmwaresm7325p_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewsa8815_firmwarewsa8835_firmwareqca6574a_firmwarefastconnect_6200_firmwaresnapdragon_695_5g_mobile_platform_firmwaresdx55_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_865_5g_mobile_platform_firmwarewcd9375_firmwareqca8081_firmwarefastconnect_6800_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaresm7250p_firmwareqca6436_firmwarear8035_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6421_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2023-40462
Matching Score-4
Assigner-Sierra Wireless Inc.
ShareView Details
Matching Score-4
Assigner-Sierra Wireless Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.63%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 22:53
Updated-13 Feb, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input leads to DoS

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

Action-Not Available
Vendor-sierrawirelessSierraWirelessDebian GNU/Linux
Product-es450rv55lx60aleoslx40gx450debian_linuxrv50xmp70ALEOS
CWE ID-CWE-617
Reachable Assertion
CVE-2026-2523
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.52% / 40.33%
||
7 Day CHG~0.00%
Published-16 Feb, 2026 | 00:02
Updated-23 Feb, 2026 | 10:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-617
Reachable Assertion
CVE-2023-38976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.70% / 74.41%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 00:00
Updated-07 Oct, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.

Action-Not Available
Vendor-weaviaten/a
Product-weaviaten/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-3139
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.31%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 17:07
Updated-05 Aug, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_server_eusBIND
CWE ID-CWE-617
Reachable Assertion
CVE-2026-23991
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.53% / 40.89%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 02:16
Updated-17 Feb, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
go-tuf affected by client DoS via malformed server response

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of service. The panic happens before any signature is validated. This means that a compromised repository/mirror/cache can DoS clients without having access to any signing key. Version 2.3.1 fixes the issue. No known workarounds are available.

Action-Not Available
Vendor-theupdateframeworktheupdateframework
Product-go-tufgo-tuf
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-37024
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 48.62%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 00:00
Updated-23 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-617
Reachable Assertion
CVE-2023-37029
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.14%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 00:00
Updated-27 Jan, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-magman/a
CWE ID-CWE-617
Reachable Assertion
CVE-2023-34868
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 49.83%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 00:00
Updated-02 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.

Action-Not Available
Vendor-jerryscriptn/a
Product-jerryscriptn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2021-36691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.79%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 19:53
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.

Action-Not Available
Vendor-libjxl_projectn/a
Product-libjxln/a
CWE ID-CWE-617
Reachable Assertion
CVE-2023-33043
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.06%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:04
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in Modem

Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwarewsa8845_firmwaresm7315_firmwarewsa8832wsa8840wcn3991_firmwaresdx57m_firmwareqcs8550_firmwarewcd9370qca8081_firmwaresm7315ar8035_firmwaresm8475wsa8830_firmwarewcd9385wcd9395_firmwareqcn6024qcs4490_firmwaresd888_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_7c\+_gen_3_compute_firmwarewcn6740_firmwarewcd9390_firmwarewcn6750sm7325-af_firmwarewsa8815_firmwaresm7325-ae_firmwarewsa8832_firmwarewcn6750_firmwareqca8337_firmwarewcd9370_firmwareqca8337snapdragon_x70_modem-rf_system_firmwarewcd9395qcm6490_firmwaresm7325-aeqcm4490wcn785x-5sm8350-ac_firmwaresm4350qcm4490_firmwarewcd9390sm7325pwcn785x-5_firmwarewcn3950qcm6490wsa8810_firmwarewsa8845h_firmwarewcn3998sm8550p_firmwarewcn3998_firmwareqcm8550wcn3988qcs6490_firmwaresm8450snapdragon_x65_5g_modem-rf_systemqcn9024snapdragon_x65_5g_modem-rf_system_firmwaresm7325-afsnapdragon_7c\+_gen_3_computewsa8835wsa8840_firmwaresm4350_firmwaresm7350-ab_firmwareqca6391_firmwarewcn3991sm6375_firmwaresdx57mqcn9024_firmwareqcn6024_firmwarewsa8845hwcd9380_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarewcn685x-1_firmwareqca8081wsa8815sm4375sm8350wsa8830sm8550psm4375_firmwaresd888snapdragon_4_gen_2_mobile_platformwcn785x-1_firmwaresm6375ar8035wcn685x-5wcn6740wcd9375_firmwaresm8450_firmwareqca6391snapdragon_x70_modem-rf_systemwcn785x-1sm8475_firmwarewcn3950_firmwarewcd9385_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcd9380qcs8550wcn685x-1sm7325p_firmwareqcs4490wcd9375wcn685x-5_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845wcn3988_firmwaresm7350-abvideo_collaboration_vc3_platform_firmwaresm4350-ac_firmwarewsa8835_firmwaresm8350_firmwarewsa8810qcs6490snapdragon_8\+_gen_2_mobile_platformsm4350-acsm8350-acvideo_collaboration_vc3_platformSnapdragon
CWE ID-CWE-617
Reachable Assertion
CVE-2026-22990
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.03%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 15:24
Updated-16 Jun, 2026 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-617
Reachable Assertion
CVE-2021-30273
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 42.93%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 07:25
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwaresd678mdm9640_firmwaresa6150p_firmwaresa8145p_firmwareqcs610sm6250p_firmwarecsrb31024mdm9628_firmwaremdm9650wcn3950_firmwaremdm9250sa8150p_firmwareqca6595au_firmwaresd730_firmwarewcd9370sd_675_firmwaresd675_firmwareqca6584au_firmwarewcn3990_firmwareqca9377sa415msdw2500_firmwaresd_8cx_firmwarewcn3950mdm9628sd720gmdm9206_firmwareqsw8573_firmwarewcn3660bqca6584qca6574au_firmwareqca6595auwcd9375_firmwaremsm8909wapq8009w_firmwarewcn3610_firmwaremdm9207qca6564au_firmwareqca6584ausa6155p_firmwareqca9367_firmwarewcd9306mdm8207sd429qca9367qca4004_firmwaremdm9607_firmwaresa415m_firmwarewcn3988_firmwaresa6145p_firmwaresd205sd429_firmwaresm6250wcd9306_firmwarewcd9340sa8195pwcd9335sa6155pqca6174a_firmwaremdm9250_firmwareqca6696_firmwarewcd9375sd_8cxsa8150psm6250_firmwaremdm9207_firmwareqca4004sda429wsd210wcn3620_firmwaresdx20_firmwarewcn3988wcn3620sa8195p_firmwareqca6564aar6003wcn3610mdm9640wcn3991sda429w_firmwarewcd9380_firmwarewcn3990sd_675sdm429wmsm8996au_firmwarewcd9330qca6564ausdx24qet4101_firmwaremsm8909w_firmwareqca6574msm8996ausdm429w_firmwaresd665_firmwarewcd9380sm6250pqcs410qca6574amdm9206qca6174asdx24_firmwarewcd9335_firmwarewcn3980mdm9615qsw8573mdm9205qca6574_firmwarewcd9340_firmwaresd665qca6584_firmwaremdm9650_firmwaremdm9215_firmwarewcn3660b_firmwareqca6574a_firmwarewcn3980_firmwaresd730wcd9330_firmwarear6003_firmwaresd678_firmwarecsrb31024_firmwaresdx20mdm9215qca6574ausa8155p_firmwaremdm9607sd205_firmwareqca6564a_firmwareapq8009wsd210_firmwareqcs610_firmwaresa6145papq8096ausa8145pmdm8207_firmwareqca6696mdm9205_firmwarewcd9370_firmwaresa6150psdw2500apq8096au_firmwaresa8155psd675mdm9615_firmwareqet4101sd720g_firmwareqcs410_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
CWE ID-CWE-617
Reachable Assertion
CVE-2021-30332
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.55% / 41.78%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 04:40
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible assertion due to improper validation of OTA configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwaresm6375wcn3991wsa8830qca8337_firmwarewcd9380_firmwaresd780gqca8337sd865_5gsdx55m_firmwarewcn6856_firmwarewcd9360_firmwaresd888sdx65wsa8835qcx315_firmwarewcd9380sd765g_firmwaresd888_5gqca6595au_firmwareqca6390_firmwaresd690_5gwcd9370qca6574asd690_5g_firmwarewcn6855_firmwaresm7325pqca6426wcn6750wcn3998wcd9385_firmwaresdxr2_5g_firmwaresa515msd_8_gen1_5g_firmwaresm6375_firmwarewsa8815sm7325p_firmwarewcn6850sd765qca6426_firmwaresm7315_firmwareqca6574a_firmwareqca6574au_firmwaresdx55_firmwaresd768g_firmwareqca6595auqca8081_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwaresm7315qca6391wcd9360qca6436_firmwaresdx55mwcn6740_firmwaresd778gsdx65_firmwaresa515m_firmwareqcs6490qcm6490_firmwaresdxr2_5gsd480_firmwarewcn6851_firmwarewcn3988_firmwareqca6574ausd778g_firmwarewsa8810_firmwaresd765gwcd9341_firmwaresd480sd765_firmwaresd870qca6436wcn6851wsa8810wcn6855qca8081wcn6856wcd9385wcd9341sd768gqca6696_firmwareqcs6490_firmwaresd750gsd870_firmwarewcn6740qca6696qca6391_firmwareqca6390ar8035sd750g_firmwarewcd9375sd780g_firmwarewcd9370_firmwaresdx55sd888_firmwarewsa8830_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250pqcx315sm8475wcn6750_firmwarear8035_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.62% / 88.12%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13749
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.59% / 88.03%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.67% / 88.29%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13751
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.62% / 88.12%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-13746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.03% / 89.35%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2026-20401
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 47.71%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8791tmt6883nr15mt6855mt8771mt2735mt6890mt6893mt6877mt6853mt6891mt8675mt8797mt6875mt8791mt6885mt6833mt6889mt6873mt6880MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2016-9397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.59% / 88.02%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Action-Not Available
Vendor-n/aJasPerFedora Project
Product-jasperfedoran/a
CWE ID-CWE-617
Reachable Assertion
CVE-2016-9398
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.98% / 92.42%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Action-Not Available
Vendor-n/aJasPeropenSUSESUSEFedora Project
Product-linux_enterprise_desktopjasperleaplinux_enterprise_serverfedoralinux_enterprise_software_development_kitn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2023-23759
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.50%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 21:21
Updated-21 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).

Action-Not Available
Vendor-Facebook
Product-fizzfizz
CWE ID-CWE-617
Reachable Assertion
CVE-2016-8864
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-38.73% / 98.40%
||
7 Day CHG~0.00%
Published-02 Nov, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

Action-Not Available
Vendor-n/aInternet Systems Consortium, Inc.Red Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-enterprise_linux_eusdebian_linuxenterprise_linux_serverenterprise_linux_workstationdata_ontap_edgeenterprise_linux_server_tusenterprise_linux_desktopbindsolidfireenterprise_linux_server_aussteelstore_cloud_integrated_storagen/a
CWE ID-CWE-617
Reachable Assertion
CVE-2026-10795
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-3.58% / 87.98%
||
7 Day CHG+0.60%
Published-11 Jun, 2026 | 05:34
Updated-11 Jun, 2026 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message format, where signature verification can be bypassed and unchecked decryption return values collapse to a predictable all-zero encryption key. This makes it possible for unauthenticated attackers to forge arbitrary RPC commands and run them as the connected administrator, such as uploading and activating a malicious plugin, which ultimately leads to remote code execution.

Action-Not Available
Vendor-davidanderson
Product-UpdraftPlus: WP Backup & Migration Plugin
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-35073
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 42.89%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:50
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewcn3991wsa8830qca8337_firmwarewcd9380_firmwaresd780gqca8337sd865_5gqca6431_firmwaresdx55m_firmwarewcn6856_firmwarewcd9360_firmwaresd888sdx65wsa8835wcd9380sd765g_firmwaresd888_5gqca6595au_firmwareqca6390_firmwaresd690_5gwcd9370qca6574asd690_5g_firmwarewcn6855_firmwaresm7325pqca6426wcn6750wcn3998wcd9385_firmwaresdxr2_5g_firmwaresa515msd_8_gen1_5g_firmwaresd855wsa8815sm7325p_firmwarewcn6850sd765qca6426_firmwaresm7315_firmwareqca6574a_firmwaresd695sd768g_firmwaresdx55_firmwareqca6595auqca8081_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwaresm7315qca6391wcd9360qca6436_firmwaresdx55mqca6421_firmwarewcn6740_firmwaresd778gsdx65_firmwaresa515m_firmwareqcs6490qcm6490_firmwaresdxr2_5gsd480_firmwarewcn6851_firmwarewcn3988_firmwareqca6421sd778g_firmwarewsa8810_firmwaresd765gwcd9341_firmwaresd480sd765_firmwaresd870qca6436wcn6851wsa8810wcn6855qca8081wcn6856wcd9385wcd9341sd695_firmwaresd768gqca6431qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwarewcn6740qca6696qca6391_firmwareqca6390ar8035sd750g_firmwarewcd9375sd780g_firmwarewcd9370_firmwaresdx55sd888_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250psm8475wcn6750_firmwarear8035_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-617
Reachable Assertion
CVE-2022-41901
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.44% / 35.34%
||
7 Day CHG-0.01%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow

TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2023-44175
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.07%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 22:59
Updated-19 Sep, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of a specific genuine PIM packet causes RPD crash

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-617
Reachable Assertion
CVE-2024-53856
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.45% / 35.88%
||
7 Day CHG+0.01%
Published-05 Dec, 2024 | 15:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rPGP Panics on Malformed Untrusted Input

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

Action-Not Available
Vendor-rpgp
Product-rpgp
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-148
Improper Neutralization of Input Leaders
CWE ID-CWE-617
Reachable Assertion
CVE-2023-39534
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 55.06%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 13:12
Updated-13 Feb, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed GAP submessage triggers assertion failure

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.

Action-Not Available
Vendor-eprosimaeProsimaDebian GNU/Linux
Product-fast_ddsdebian_linuxFast-DDS
CWE ID-CWE-617
Reachable Assertion
CVE-2025-69534
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 42.84%
||
7 Day CHG+0.10%
Published-05 Mar, 2026 | 00:00
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.

Action-Not Available
Vendor-python-markdownn/aRed Hat, Inc.
Product-markdownn/aRed Hat Developer Hub 1.9Red Hat OpenShift AI (RHOAI)Multicluster Engine for KubernetesRed Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat OpenShift Container Platform 4Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6.16 for RHEL 9Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat OpenShift AI 2.25Red Hat Satellite 6.18 for RHEL 9Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat OpenShift Dev SpacesRed Hat Satellite 6External Secrets Operator for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Enterprise Linux 8Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-617
Reachable Assertion
CVE-2021-1938
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.59% / 43.79%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 05:30
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fsm10055qca2066sa6150p_firmwaresm6250p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwareqca6431_firmwarewcd9360_firmwareqcn5124qca4024_firmwarewcn3950_firmwaresc8180x\+sdx55ipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qca6335qca2062qcn5064sd_455_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125ipq8076aqsm8350_firmwaresd710_firmwareqsm8350sd460_firmwaresm7315_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwareqca6420wcd9360qca6438_firmwareipq8070_firmwarewhs9410_firmwareipq8078a_firmwarewcn3999ipq5028ipq8072_firmwareipq4029_firmwareqcs6125sa8155_firmwareipq6010sd662_firmwareqcs405qca6430sc8280xp_firmwarewcd9340sdm830_firmwaresd765gqca6436wcn6851sa6155pqcs603_firmwareqca9888_firmwareqcn6122wcd9341qca2066_firmwareqca6431qca6696_firmwarewcd9371sd870_firmwaresd750gqca1062qcn5154_firmwarewcn3910_firmwaresd_8cxsa8150pwsa8830_firmwareqca9992_firmwaresd660sd865_5g_firmwaresd855_firmwaresd712wcn3988qca6438sd660_firmwaresa8195p_firmwareqcn5121qcn5022_firmwareqcn7606_firmwarewcn6750_firmwareqca9898ipq4028qca6428_firmwareipq5018_firmwarewcn3991ipq4018_firmwareqca8337_firmwarewcd9380_firmwareipq8072aqca9980_firmwareipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164sd670_firmwareqca6574csr8811_firmwarewcd9380qcn5054_firmwareqcs410qcn5024sd690_5g_firmwaresdx50m_firmwareqca8072_firmwareqcn9012_firmwareqca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwareipq6018_firmwareqcs605wcd9340_firmwarewsa8815wcn6850sd7cpmp8074_firmwarewcn3910qca6320sd_8c_firmwareqca6426_firmwareqca9984ipq6028ipq8064sd835pmp8074qcn9024wcn3980_firmwarewcn6745_firmwaresd730qcn5550_firmwaresdx55mipq8064_firmwareqca6421_firmwareqca2062_firmwarewcn6740_firmwareqcn5064_firmwaresd678_firmwarear8031_firmwareipq8078_firmwareqcn5054wcn6851_firmwareqcs603ipq8070qca9994qca9980sd670qcn9024_firmwareipq8174_firmwaresd_636_firmwareqca6564a_firmwareqcm4290_firmwaresd480sd870wcn6855qcn7605_firmwareqcn5121_firmwareqcs610_firmwaresa6145pipq6018sdxr1ar8031qca6595_firmwareqcs405_firmwaresa8145psdm630_firmwareqca6391_firmwareqca4024wcd9370_firmwareqca2064sd780g_firmwaresdx55sd888_firmwaresc8280xpqcn5021_firmwaresa8155pcsra6640sd675ar8035_firmwareqcm2290qcn7606qcn5024_firmwarewcn3991_firmwarewsa8830sd678qcn9070sa8145p_firmwareqca1062_firmwareqcs2290_firmwaresd7c_firmwarecsrb31024sd_636csra6620fsm10055_firmwareqcn9072qca9992qcs4290sd765g_firmwareqca6420_firmwareipq8069_firmwareqca6390_firmwareqca2064_firmwaresd690_5gipq6000sd730_firmwarewcd9370sd675_firmwareipq8072qcn5152_firmwareqca6426qca6584au_firmwarewcn3990_firmwareqcn9000_firmwareqca9984_firmwareipq5018sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewhs9410wcd9326_firmwareqcn7605wcn6745ipq8074aqca2065sd662qcn5124_firmwareqca1064sa8155qca6320_firmwareqcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwarewcn3999_firmwaresm7250p_firmwareqca6436_firmwareipq5010qca6564au_firmwareqca6584ausd778gsa6155p_firmwareqca6310ipq8174sa515m_firmwareqca9990sdxr2_5gqcn5052sdm630sa415m_firmwarewcn3988_firmwareqcn9074sa6145p_firmwareqca6421sd778g_firmwaresm6250sd712_firmwaresa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335qca8081qcn6023ipq8071aqca6174a_firmwareipq8071a_firmwareqcs4290_firmwarewcd9385qca2065_firmwareqca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375ar8035sc8180x\+sdx55_firmwaresm6250_firmwarecsr8811qcn9100_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwareqca6564aqcm6125_firmwareqca8072qcm2290_firmwarewcn3990qcn9000sd_675sd780gsd865_5gqca6595ar9380_firmwareqcn9012sd888qcn6122_firmwarewsa8835sd665_firmwaresd888_5gsm6250pqcn5154qca8075_firmwareipq4018qca6574aipq6005_firmwarewcn6855_firmwareqca9889qca6174asm7325pqca9888qca6310_firmwareipq8074qca9994_firmwarewcn6750ipq8070a_firmwareipq8076_firmwaresa515mqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665ipq8076qca6175asd765qca6574a_firmwareqcn5021ipq8069qcn5152sd768g_firmwaresd850_firmwaresm7315sd460qca6391sdxr1_firmwareipq6005aqt1000_firmwareqcn9100qcm4290csrb31024_firmwaresdx50mqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwaresd_455ipq8074_firmwareqca6574auqca9889_firmwaresd710sa8155p_firmwareqcn5122wcd9341_firmwareqcm6125wsa8810wcn6856sd_8cqcn5022sd835_firmwaresd768gipq6010_firmwareqca1064_firmwarewcn6740qca6696sd845_firmwaresa6150pqca8075qcn9022_firmwareqcn6024qcn9022sd845qca9990_firmwareipq8070aqcn9072_firmwaresm7250psdm830ipq6000_firmwaresd720g_firmwareipq8071_firmwareqcn9074_firmwareqcs410_firmwareipq4029qca6175a_firmwaresd850Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-617
Reachable Assertion
CVE-2021-1925
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.29%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqfs2580qpm5679_firmwaresm6250p_firmwareipq4028_firmwareqfe4455fc_firmwareqca8337ar9380ipq8173_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqln1030qpa8688pm6125qcn5124qat5522_firmwarewcn3950_firmwarepm8150asc8180x\+sdx55qdm5670qca6595au_firmwareqpm5541_firmwareqpa5581_firmwaresa6155pm7150lqpa8821pm8998_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaresa415mwcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125qsw8573_firmwareqsm8350_firmwareqsw8574_firmwareqsm8350sd460_firmwaresmb2351_firmwaresd6905gqpa4360_firmwareqca8081_firmwarewcn3998_firmwarepm855pqca6420pm6150aqpm6670_firmwareipq8070_firmwareipq8078a_firmwarepm660_firmwarepm8150bipq8072_firmwaresa8155_firmwareqfe2101qca6430qat3522qfe4455fcpmr735awcd9340sdm830_firmwaresd765gsdr660qfs2630_firmwaresdr865qdm5620_firmwareqca9888_firmwaresmr545qca6696_firmwareqln5020wcd9371sd870_firmwareqca1062qcn5154_firmwarepmm855au_firmwaresa8150ppm6350qdm5621qtc800sqat3514_firmwareqca9992_firmwaresd660qet6105sd712pm640p_firmwaresd660_firmwareqcn5121qcn5022_firmwareqcn7606_firmwareqat5516_firmwarepm6150lsd8885gpm855l_firmwareqca6428_firmwareqtc410sipq4018_firmwarewcn3991qca9980_firmwareqpa8801ipq8078pm8150l_firmwareipq8173qat5533_firmwaresdx55m_firmwaresdxr25gqpa8673_firmwarepm6150smb1354_firmwaresd670_firmwareqca6574qfs2630qpa8842csr8811_firmwaresdr052_firmwarewcd9380sd850qln4640qcs410qpm5579_firmwaresmb1380_firmwarepmk8350_firmwareqcn5024pm855p_firmwaresmb1381qfe3100_firmwarepm7250qpa8803qcn9012_firmwaresdxr25g_firmwareqdm2301ipq6018_firmwarewcd9340_firmwarewsa8815wcn6850qfe2101_firmwarepmp8074_firmwareqdm5621_firmwareqdm2301_firmwareqpm6375ipq6028ipq8064sd835pmp8074wcn3980_firmwarewcn6745_firmwaresd730pm660l_firmwarepm6250_firmwarepm8008pm8350b_firmwareqtm525_firmwarepme605_firmwareqcn5064_firmwarepme605sd678_firmwareipq8078_firmwareqpm5621_firmwareqcn5054qln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqca9994qpa8802_firmwareqln4640_firmwareqca9980qpm5621qcn9024_firmwareipq8174_firmwarepm8009_firmwareqpm6582qfs2580_firmwaresd670wcn6855qcn7605_firmwarepm8150lpmi8998_firmwareqcs610_firmwaresa6145ppm660a_firmwarear8031qpm5577wtr2965sdm630_firmwaresa2150pqca6391_firmwarepm8150qca4024wcd9370_firmwareqat3516_firmwaresdx55qcn5021_firmwarecsra6640qat3555_firmwareqpa8803_firmwarepm855bsmb2351qln1031qcn7606qpm5870wsa8830pm660qet6110_firmwareqca1062_firmwareqpm6325pm6125_firmwareqbt1500qpa5581csrb31024pmx24_firmwareqbt1500_firmwareqpm5870_firmwareqca9992qet6100pmm855auqca6420_firmwaresmb1396pm7150asd675_firmwareipq8072pm8350qpa5461_firmwareqpa4361_firmwarepm8350c_firmwareqca6426wcn3990_firmwareqca9984_firmwareqca9377qpm5641wcd9385_firmwareqdm5650_firmwareqpa4340_firmwarewcd9326_firmwarewhs9410pm7250_firmwaresdr845_firmwareqdm5620qln1021aqipq8074asmb1380pmk8002_firmwareqsw6310_firmwaresa8155qln1031_firmwareqdm4650_firmwareqcn5122_firmwarepmm6155au_firmwareqat5533sdx55_firmwareqcn6023_firmwaresm7250p_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6584auqpm4641qat5515_firmwareipq8174pm855qpm8830_firmwarepm8250qcn5052qfe2082fc_firmwaresdm630qdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwareqcn9074wcn3988_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwareqpm5677qat5515qat3514wcd9326wcd9335pm6350_firmwareqcn6023pm8004_firmwaresdr8150_firmwareqtc800h_firmwareqpm5620qpm4630qca6390qca9898_firmwaresd750g_firmwareaqt1000wcd9375sc8180x\+sdx55_firmwarepmm8195ausm6250_firmwareqln4642qpm5677_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwaresmr525_firmwarepm8998wtr3925_firmwareqpm8820_firmwareqln1020_firmwareqpm6621_firmwarepm670a_firmwareqcm6125_firmwarepmx55_firmwareqbt1000_firmwareqca6595pm8150_firmwaresmb1398_firmwareqpm8830qat5522pm8150cpmr735bsd665_firmwareqpa4360pmk8003_firmwareqcn5154qca8075_firmwareqpa4361ipq6005_firmwareqpm4640_firmwareqpm5577_firmwarewcn6855_firmwareqdm5679_firmwarepm8350csmr525qca9888qca6310_firmwareipq8070a_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwareqca6175asd765qca6574a_firmwareqpm4630_firmwareqat3555sd850_firmwareqpa5461qfe2082fcsd8c_firmwarewtr2965_firmwarepm670_firmwarecsrb31024_firmwareqfs2608qcn9070_firmwaresd480_firmwareqln1036aqqtc801sipq6028_firmwareipq8072a_firmwareqpm5641_firmwareqca9889_firmwaresd710qcn5122pm8008_firmwareqln1035bd_firmwareqpm6621pmr735a_firmwarepmx50qcn5022sdr8250sd768gqca1064_firmwareqln1030_firmwarepm8004pm640lpmk8002qca8075qcn6024qcn9022sd845sd455_firmwaresdm830ipq6000_firmwareqcs410_firmwareqca6175a_firmwareqpa5580qpm5579qca2066sa6150p_firmwareqcs610qcn5550qpm5620_firmwareqdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwareqca4024_firmwarepm855a_firmwareipq8078aqtc800hsa8150p_firmwareqcs2290sdr8250_firmwareqca6335qcn5064csra6620_firmwareqcs605_firmwareqln1020smr546_firmwareqdm5671csra6640_firmwarepmc1000hqpm4650_firmwareqat3518sd8csdr425_firmwaresmr526_firmwareipq8076aqpa5460pm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca6428qdm5652qca6574au_firmwareqcn5164_firmwareipq8071qpm8870wcd9375_firmwareqpm5679qbt2000sa6155_firmwarewcd9360qca6438_firmwarepmx50_firmwareqpa8675_firmwarewhs9410_firmwaresdr735gqpa5460_firmwarewcn3999qdm3301_firmwareqsm7250ipq4029_firmwareqcs6125ipq6010sd662_firmwareqcs405qfe3440fcqdm2308_firmwarersw8577_firmwareqca6436wcn6851sa6155pqcs603_firmwareqpa6560sdr675_firmwarepmc7180wcd9341qca2066_firmwareqca6431qdm4643_firmwareqet4100_firmwaresd750gwcn3910_firmwareqpm5657qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988qca6438wtr3925qfe2080fcsdr052sa8195p_firmwaresmb1390qca9898ipq4028qet4100qpa8686_firmwareipq5018_firmwareqpm6585qca8337_firmwarewcd9380_firmwaresmb1355ipq8072aqln4650qtc800t_firmwaresdr735g_firmwarewgr7640ipq8076a_firmwareqat5568qdm5671_firmwareqet5100qca6564auqpa8801_firmwareqtm527_firmwaresd636wcn6856_firmwarepm8005_firmwareqcn5164qet4101_firmwarepm7250bqln4642_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqcn5054_firmwareqet4200aq_firmwaresdx50m_firmwaresdr735smb1395pm660lar8151smr526qca8072_firmwarewtr5975qca6430_firmwarepmk8003qcn5052_firmwareqtc801s_firmwareqat3522_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqsw8573qcs605qbt1000sd7cqca6320wcn3910qca6426_firmwarepm8350_firmwareqca9984qcn9024pm8009qpa8675qcn5550_firmwaresdr051_firmwaresdx55mipq8064_firmwarepm670aqca6421_firmwareqat3518_firmwareqsw8574pmi8998sd6905g_firmwarear8031_firmwarepm855lwcn6851_firmwareqdm5670_firmwareipq8070sd8655gpm7150a_firmwarepm8150b_firmwaresmr545_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwaresd480sd870qcn5121_firmwaresd8885g_firmwarepm670qdm5677pm8005ipq6018pm855_firmwareqdm2302pmm6155ausdxr1pm855b_firmwareqca6595_firmwareqcs405_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwareqln4650_firmwareqpm5875qet5100msa8155psd675qet4101qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwareqcn5024_firmwarewcn3991_firmwareqdm5652_firmwarepmm8155au_firmwareqfe4465fcqcn9070sd678sdr051qln5030qcs2290_firmwarepm4125pmi632qpa2625_firmwarepm456sd7c_firmwareqfe2081fc_firmwarepm8350bh_firmwarecsra6620pmr735b_firmwareqet5100_firmwareqpm4621qcn9072qet6100_firmwarepm670l_firmwaresdr660gsd455sd765g_firmwareqpa8686ipq8069_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370qcn5152_firmwaresdr425pmr525_firmwareqca6584au_firmwareqcn9000_firmwareipq5018ar8151_firmwarepmi632_firmwareqcn7605qpm5541qat5516wcn6745sd662qpa8821_firmwareqcn5124_firmwaresdr660g_firmwarepm8350bhqca1064pm3003aqca6320_firmwareqca6595auwcn3999_firmwareqca6436_firmwareqtc800tsmb1354ipq5010qca6564au_firmwareqdm2305sa6155p_firmwareqca6310qpm8820qpm2630qfe2081fcqln5020_firmwaresa515m_firmwareqca9990smb1398sa6145p_firmwaresdr675sm6250sd712_firmwarewsa8810_firmwaresd765_firmwareqdm5677_firmwareqca8081qet4200aqipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwarepmm8155auqln5040_firmwarepm4125_firmwarear8035csr8811qpa8673qdm2310qln5030_firmwareqcn9100_firmwaresmb1396_firmwarewcn6850_firmwarewsa8835_firmwareqca6564asmr546pmx24qet6110qln5040qca8072qcm2290_firmwareqpm8895sdr845qpm5670wcn3990qcn9000qtm527qfe3440fc_firmwarear9380_firmwarepmk8350qcn9012pmc7180_firmwarepm8350bqdm2307_firmwarewsa8835qpm5657_firmwaresm6250pqln1035bdpm855asdr660_firmwareipq4018qca6574asmb1390_firmwareqca9889qca6174aipq8074qca9994_firmwareqpm4640qet5100m_firmwareipq8076_firmwareqpm4650qtm525sa515msa2150p_firmwarewtr6955sd855sm4125_firmwaresd8cxipq8076wtr6955_firmwarepm640pqcn5021ipq8069qcn5152sd768g_firmwaresdr865_firmwareqfe4465fc_firmwarepm8250_firmwaresd460qca6391sd8cx_firmwaresdxr1_firmwaresmb1351ipq6005aqt1000_firmwareqcn9100qpm8895_firmwarepm660aqpa4340sdx50mpm640asdr8150smb1395_firmwareqdm4650pmd9655ipq8074_firmwareqca6574ausa8155p_firmwareqsw6310qet6105_firmwaresd8655g_firmwarewcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwareqat5568_firmwareqdm2308qat3550wcn6856qdm5679sd835_firmwareipq6010_firmwarepm3003a_firmwareqca6696qtc800s_firmwaresmb1381_firmwaresd845_firmwareqpa2625sa6150pqcn9022_firmwareqpa8688_firmwareqca9990_firmwareipq8070apmm8195au_firmwareqcn9072_firmwaresm7250psd720g_firmwareipq8071_firmwareqcn9074_firmwareqpm4621_firmwareipq4029sd636_firmwarepm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-617
Reachable Assertion
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found