CWE-617
Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CVE-2017-12168 (GCVE-0-2017-12168)
Vulnerability from cvelistv5
Published
2017-09-20 08:00
Modified
2024-08-05 18:28
CWE
- CWE-617 - assert failure
Summary
The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).
Impacted products
Vendor | Product | Version
---|---|---
n/a | Linux kernel before 4.9 | Linux kernel before 4.9
CVE-2017-7478 (GCVE-0-2017-7478)
Vulnerability from cvelistv5
Published
2017-05-15 18:00
Modified
2024-08-05 16:04
CWE
Summary
OpenVPN version 2.3.12 and newer is vulnerable to an unauthenticated denial of service of the server via a received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Impacted products
Vendor | Product | Version
---|---|---
OpenVPN Technologies, Inc | openvpn | 2.3.12 and newer
CVE-2017-7479 (GCVE-0-2017-7479)
Vulnerability from cvelistv5
Published
2017-05-15 18:00
Modified
2024-08-05 16:04
CWE
Summary
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in a denial of service of the server by an authenticated attacker.
Impacted products
Vendor | Product | Version
---|---|---
OpenVPN Technologies, Inc | openvpn | < 2.3.15; < 2.4.2
CVE-2017-7539 (GCVE-0-2017-7539)
Vulnerability from cvelistv5
Published
2018-07-26 14:00
Modified
2024-08-05 16:04
CWE
Summary
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
CVE-2018-12543 (GCVE-0-2018-12543)
Vulnerability from cvelistv5
Published
2018-11-15 15:00
Modified
2024-08-05 08:38
CWE
- CWE-617 - Reachable Assertion
Summary
In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.
Impacted products
Vendor | Product | Version
---|---|---
The Eclipse Foundation | Eclipse Mosquitto | 1.5 < unspecified; unspecified <
CVE-2019-0003 (GCVE-0-2019-0003)
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-17 00:10
CWE
- CWE-617 - Incomplete assertion; Reachable Assertion; Denial of Service. CAPEC: .262 Manipulate System Resources; .262.607 Obstruction; .262.607.582 Route Disabling; .262.607.582.584 BGP Route Disabling
Summary
When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400.
Impacted products
Vendor | Product | Version
---|---|---
Juniper Networks | Junos OS | 12.1X46 < 12.1X46-D77; 12.3X48 < 12.3X48-D70; 15.1X49 < 15.1X49-D140
CVE-2019-14851 (GCVE-0-2019-14851)
Vulnerability from cvelistv5
Published
2021-03-18 19:04
Modified
2024-08-05 00:26
Summary
A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:26:39.132Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757259" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nbdkit", "vendor": "n/a", "versions": [ { "status": "affected", "version": "nbdkit 1.12.8, nbdkit 1.14.2, nbdkit 1.15.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-18T19:04:21", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757259" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-14851", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "nbdkit", "version": { "version_data": [ { "version_value": "nbdkit 1.12.8, nbdkit 1.14.2, nbdkit 1.15.2" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability was discovered in nbdkit. 
A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-617" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1757259", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757259" }, { "name": "https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html", "refsource": "MISC", "url": "https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14851", "datePublished": "2021-03-18T19:04:21", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.132Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-5020 (GCVE-0-2019-5020)
Vulnerability from cvelistv5
Published
2019-07-31 16:38
Modified
2024-08-04 19:40
CWE
- CWE-617 - Reachable Assertion
Summary
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability.
Impacted products
Vendor | Product | Version
---|---|---
n/a | Yara Object | Yara 3.8.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:49.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Yara Object", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Yara 3.8.1" } ] } ], "descriptions": [ { "lang": "en", "value": "An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617: Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T17:32:54", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Yara Object", "version": { "version_data": [ { "version_value": "Yara 3.8.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", 
"data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability." } ] }, "impact": { "cvss": { "baseScore": 6.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-617: Reachable Assertion" } ] } ] }, "references": { "reference_data": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781" } ] } } } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5020", "datePublished": "2019-07-31T16:38:21", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:40:49.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-10761 (GCVE-0-2020-10761)
Vulnerability from cvelistv5
Published
2020-06-09 12:07
Modified
2024-08-04 11:14
Summary
An assertion failure issue was found in the Network Block Device (NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server, resulting in a denial of service.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:14:14.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/06/09/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761" }, { "name": "openSUSE-SU-2020:1108", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200731-0001/" }, { "name": "USN-4467-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4467-1/" }, { "name": "GLSA-202011-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202011-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "QEMU:", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "all QEMU versions before QEMU 5.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-11T05:06:16", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/06/09/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761" }, { "name": "openSUSE-SU-2020:1108", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200731-0001/" }, { "name": "USN-4467-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4467-1/" }, { "name": "GLSA-202011-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202011-09" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "QEMU:", "version": { "version_data": [ { "version_value": "all QEMU versions before QEMU 5.0.1" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before 
QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service." } ] }, "impact": { "cvss": [ [ { "vectorString": "5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-617" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2020/06/09/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/06/09/1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761" }, { "name": "openSUSE-SU-2020:1108", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200731-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200731-0001/" }, { "name": "USN-4467-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4467-1/" }, { "name": "GLSA-202011-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202011-09" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10761", "datePublished": "2020-06-09T12:07:53", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:14.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-15194 (GCVE-0-2020-15194)
Vulnerability from cvelistv5
Published
2020-09-25 18:40
Modified
2024-08-04 13:08
Summary
In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Impacted products
Vendor | Product | Version
---|---|---
tensorflow | tensorflow | < 1.15.4; >= 2.0.0, < 2.0.3; >= 2.1.0, < 2.1.2; >= 2.2.0, < 2.2.1; >= 2.3.0, < 2.3.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:08:22.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382" }, { "name": "openSUSE-SU-2020:1766", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tensorflow", "vendor": "tensorflow", "versions": [ { "status": "affected", "version": "\u003c 1.15.4" }, { "status": "affected", "version": "\u003e= 2.0.0, \u003c 2.0.3" }, { "status": "affected", "version": "\u003e= 2.1.0, \u003c 2.1.2" }, { "status": "affected", "version": "\u003e= 2.2.0, \u003c 2.2.1" }, { "status": "affected", "version": "\u003e= 2.3.0, \u003c 2.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. 
The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "{\"CWE-617\":\"Reachable Assertion\"}", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-20", "description": "{\"CWE-20\":\"Improper Input Validation\"}", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T15:06:16", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382" }, { "name": "openSUSE-SU-2020:1766", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ], "source": { "advisory": "GHSA-9mqp-7v2h-2382", "discovery": "UNKNOWN" }, "title": "Denial of Service in Tensorflow", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15194", "STATE": "PUBLIC", "TITLE": "Denial of Service in Tensorflow" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "tensorflow", "version": { "version_data": [ { "version_value": "\u003c 1.15.4" }, 
{ "version_value": "\u003e= 2.0.0, \u003c 2.0.3" }, { "version_value": "\u003e= 2.1.0, \u003c 2.1.2" }, { "version_value": "\u003e= 2.2.0, \u003c 2.2.1" }, { "version_value": "\u003e= 2.3.0, \u003c 2.3.1" } ] } } ] }, "vendor_name": "tensorflow" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "{\"CWE-617\":\"Reachable Assertion\"}" } ] }, { "description": [ { "lang": "eng", "value": "{\"CWE-20\":\"Improper Input Validation\"}" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1" }, { "name": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54", "refsource": "MISC", "url": 
"https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54" }, { "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382" }, { "name": "openSUSE-SU-2020:1766", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html" } ] }, "source": { "advisory": "GHSA-9mqp-7v2h-2382", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15194", "datePublished": "2020-09-25T18:40:46", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.713Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Implementation
Description:
- Make sensitive open/close operations unreachable by directly user-controlled data (e.g. open/close resources).
Mitigation
Phase: Implementation
Strategy: Input Validation
Description:
- Perform input validation on user data.
No CAPEC attack patterns related to this CWE.