CWE-617
683 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-617 (page 12 of 14)
- CVE-2025-21654 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-01-19
In the Linux kernel, the following vulnerability has been resolved: ovl: support encoding fid from inode with no alias Dmitry Safonov reported that a WARN_ON() assertion can be triggered by userspace when calling inotify_show_fdinfo() for…
- CVE-2025-21721 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-27
In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk() may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported b…
- CVE-2025-21754 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-27
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort If while we are doing a direct IO write a transaction abort happens, we mark all exist…
- CVE-2025-22919 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-02-18
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
- CVE-2025-24798 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-07-10
Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a mali…
- CVE-2025-27066 | HIGH | CVSS 7.5 | EG 7.5 | 2025-08-06
Transient DOS while processing an ANQP message.
- CVE-2025-27073 | HIGH | CVSS 7.5 | EG 7.5 | 2025-08-06
Transient DOS while creating NDP instance.
- CVE-2025-29339 | HIGH | CVSS 7.5 | EG 7.5 | 2025-04-22
An issue in UPF in Open5GS UPF versions up to v2.7.2 results in an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid…
- CVE-2025-30034 | MEDIUM | CVSS 6.2 | EG 6.2 | 2025-08-12
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated loc…
- CVE-2025-31160 | LOW | CVSS 2.9 | EG 2.9 | 2025-03-26
atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs ato…
- CVE-2025-32095 | HIGH | CVSS 7.5 | EG 7.5 | 2025-12-25
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
- CVE-2025-32096 | HIGH | CVSS 7.5 | EG 7.5 | 2025-12-25
Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
- CVE-2025-34458 | HIGH | CVSS 8.7 | EG 0.0 | 2025-12-22
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially cr…
- CVE-2025-36512 | HIGH | CVSS 7.5 | EG 7.5 | 2025-07-22
A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to…
- CVE-2025-37864 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-09
In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d ("net: dsa: delete dsa_legacy_fdb_add and dsa_legacy_fdb_del"…
- CVE-2025-37878 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-09
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur immediately after the child…
- CVE-2025-37897 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-20
In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. This assertion is incorrect, because even if it was poss…
- CVE-2025-37930 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-20
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences only ever get signaled through nouveau_fence_…
- CVE-2025-38066 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUG_ON by blocking retries on failed device resumes A cache device failing to resume due to mapping errors should not be retried, as the failure leaves…
- CVE-2025-38223 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-07-04
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hits a BUG_ON for the case of encrypted inode with unaligned file size (for exam…
- CVE-2025-38285 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/tra…
- CVE-2025-38503 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-08-16
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this…
- CVE-2025-38544 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-08-16
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will…
- CVE-2025-38637 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-04-18
In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain condition…
- CVE-2025-38642 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-08-22
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix WARN_ON for monitor mode on some devices On devices without WANT_MONITOR_VIF (and probably without channel context support) we get a WARN_ON for chan…
- CVE-2025-38690 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevent infinite recursion If the buf + offset is not aligned to XE_CAHELINE_BYTES we fallback to using a bounce buffer. However the bounce buffer here i…
- CVE-2025-38701 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL f…
- CVE-2025-38712 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, …
- CVE-2025-39768 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-11
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix complex rules rehash error flow Moving rules from matcher to matcher should not fail. However, if it does fail due to various reasons, the error flow …
- CVE-2025-39801 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn whe…
- CVE-2025-39803 | HIGH | CVSS 7.8 | EG 7.8 | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl() The UIC completion interrupt may be disabled while an UIC command is being processed. When the UI…
- CVE-2025-40777 | HIGH | CVSS 7.5 | EG 7.5 | 2025-07-16
If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, enco…
- CVE-2025-41067 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-27
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF pr…
- CVE-2025-41068 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-27
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting…
- CVE-2025-4321 | HIGH | CVSS 7.1 | EG 0.0 | 2025-11-17
In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it receives malformed L2CAP packets, only hard reset will bring the device to normal operation
- CVE-2025-46149 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-25
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
- CVE-2025-46354 | HIGH | CVSS 7.5 | EG 7.5 | 2025-07-22
A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious pack…
- CVE-2025-46705 | HIGH | CVSS 7.5 | EG 9.6 | 2025-11-05
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML…
- CVE-2025-47229 | LOW | CVSS 2.9 | EG 2.9 | 2025-05-03
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code i…
- CVE-2025-47370 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-11-04
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.
- CVE-2025-47913 | HIGH | CVSS 7.5 | EG 7.5 | 2025-11-13
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
- CVE-2025-48019 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and ve…
- CVE-2025-48020 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and ve…
- CVE-2025-48023 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and ve…
- CVE-2025-48704 | HIGH | CVSS 7.5 | EG 7.5 | 2025-12-25
Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
- CVE-2025-49088 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-12-25
Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafte…
- CVE-2025-49630 | HIGH | CVSS 7.5 | EG 7.5 | 2025-07-10
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse…
- CVE-2025-50422 | LOW | CVSS 2.9 | EG 6.5 | 2025-08-04
Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.
- CVE-2025-52958 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-07-11
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evol…
- CVE-2025-52964 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-07-11
A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a sp…