CWE-617: Reachable Assertion — known CVE vulnerabilities
CVEs classified under CWE-617 (Reachable Assertion), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2020-3615 — CVSS 9.8 (critical): Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to…
CVE-2019-9795 — CVSS 9.8 (critical): A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to…
CVE-2026-31739 — CVSS 8.8 (high): In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver…
CVE-2020-12417 — CVSS 8.8 (high): Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a…
CVE-2026-29116: A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet…
CVE-2025-34458: wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the…
CVE-2024-24429 — CVSS 8.6 (high): A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a…
CVE-2024-34235 — CVSS 8.6 (high): Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An…
CVE-2023-37023 — CVSS 8.6 (high): Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its…
CVE-2023-37021 — CVSS 8.6 (high): Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An…
CVE-2023-37020 — CVSS 8.6 (high): Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An…
CVE-2023-37019 — CVSS 8.6 (high): Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An…
CVE-2023-37018 — CVSS 8.6 (high): Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An…
CVE-2023-37017 — CVSS 8.6 (high): Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An…
CVE-2023-37016 — CVSS 8.6 (high): Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An…
CVE-2023-37015 — CVSS 8.6 (high): Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An…
CVE-2023-49286 — CVSS 8.6 (high): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is…
CVE-2021-30335 — CVSS 8.4 (high): Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon…
CVE-2026-46117 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()…
CVE-2026-31398 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix incorrect pte restoration for lazyfree folios We batch…
CVE-2025-39803 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl()…
CVE-2023-52621 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers…
CVE-2024-25445 — CVSS 7.8 (high): Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.
CVE-2021-36409 — CVSS 7.8 (high): There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows…
CVE-2019-14049 — CVSS 7.8 (high): Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in…
CVE-2018-19963 — CVSS 7.8 (high): An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS…
CVE-2017-7605 — CVSS 7.8 (high): aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of…
CVE-2026-41485 — CVSS 7.7 (high): Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type…
CVE-2021-1422 — CVSS 7.7 (high): A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense…
CVE-2026-37233 — CVSS 7.5 (high): FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in…
CVE-2026-37229 — CVSS 7.5 (high): FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated…
CVE-2026-37228 — CVSS 7.5 (high): FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive…
CVE-2026-37227 — CVSS 7.5 (high): FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the…
CVE-2026-37225 — CVSS 7.5 (high): FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer…
CVE-2026-37224 — CVSS 7.5 (high): FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID…
CVE-2026-37223 — CVSS 7.5 (high): FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a…
CVE-2026-37222 — CVSS 7.5 (high): FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated…
CVE-2026-37221 — CVSS 7.5 (high): FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The…
CVE-2026-37220 — CVSS 7.5 (high): FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between…
CVE-2026-41584 — CVSS 7.5 (high): ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions…
CVE-2025-56568 — CVSS 7.5 (high): Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of…
CVE-2026-34063 — CVSS 7.5 (high): Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p…
CVE-2026-4046 — CVSS 7.5 (high): The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the…
CVE-2026-3608 — CVSS 7.5 (high): Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket…
CVE-2026-27135 — CVSS 7.5 (high): nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading…
CVE-2026-22990 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If…
CVE-2025-13878 — CVSS 7.5 (high): Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43…