QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-617

Back to CWE list

CWE-617

Reachable Assertion

Base
Draft

Description

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

{"xhtml:p":["While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service.","For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service."]}

Common Consequences

Scope

Availability

Impact

DoS: Crash, Exit, or Restart

Potential Mitigations

Implementation

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Implementation

Perform input validation on user data.

CVE-2024-8768

API server for LLM library can crash when provided an empty prompt, which triggers a reachable assertion

CVE-2023-49286

Chain: function in web caching proxy does not correctly check a return value (CWE-253) leading to a reachable assertion (CWE-617)

CVE-2006-6767

FTP server allows remote attackers to cause a denial of service (daemon abort) via crafted commands which trigger an assertion failure.

CVE-2006-6811

Chat client allows remote attackers to cause a denial of service (crash) via a long message string when connecting to a server, which causes an assertion failure.

CVE-2006-5779

Product allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

CVE-2006-4095

Product allows remote attackers to cause a denial of service (crash) via certain queries, which cause an assertion failure.

CVE-2006-4574

Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.

CVE-2004-0270

Anti-virus product has assert error when line length is non-numeric.

Applicable Platforms

Not Language-Specific
C
Java
Rust

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now