Skip to main content

CWE-617

Reachable Assertion

547 CVEs Avg CVSS 6.5 MITRE
3
CRITICAL
242
HIGH
279
MEDIUM
22
LOW
164
POC
0
KEV

Monthly

CVE-2025-56365 HIGH This Week

Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a network attacker crash the device by sending an InvokeCommandRequest to a nonexistent endpoint/cluster (e.g. 0x34), which the interaction model treats as valid and then aborts on a VerifyOrDie assertion (SIGABRT). This is a reachable-assertion bug (CWE-617) with availability-only impact and no data compromise. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the issue was acknowledged upstream and fixed in PR #37207.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-56362 HIGH This Week

Remotely triggerable denial of service in the Matter SDK (connectedhomeip) before 1.4.2 lets an attacker crash devices by driving the Level Control cluster's periodic server tick into a failed assertion (currentLevel < maxLevel). Sending a MoveToLevel command and immediately writing OperationMode=2 in the Pump Configuration and Control cluster produces an inconsistent internal state that aborts the process. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; CVSS is 7.5 with availability-only impact.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-56361 HIGH This Week

Remote denial of service in the Matter SDK (connectedhomeip) versions 1.3 through 1.4 lets unauthenticated attackers crash smart-home devices by racing a Level Control MoveToLevel command against a conflicting write to the Pump Configuration and Control cluster's OperationMode attribute, tripping a reachable assertion (minLevel < currentLevel) in the server tick callback. The abort forces the device to restart or hang, disrupting any product built on the affected SDK. No public exploit identified at time of analysis, and the issue is tracked via project-chip GitHub issue #38619 with no vendor-released patch identified.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-47475 MEDIUM This Month

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.

Nvidia Denial Of Service Tensorrt Llm
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2026-55514 PyPI HIGH PATCH This Week

Denial of service in vLLM 0.12.0 through 0.23.x lets any authorized API caller crash the entire inference server by submitting a pure prompt-embeddings payload to the /v1/completions endpoint when a model using M-RoPE (multimodal rotary position embedding) is loaded. The malformed request trips a reachable assertion in the EngineCore process, which terminates the whole server rather than rejecting the single request. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw is fixed in vLLM 0.24.0.

Denial Of Service Vllm
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-52829 Cargo HIGH PATCH GHSA This Week

Remote denial of service in the Zebra Zcash full-node (zebrad) up to and including v4.4.1 lets an unauthenticated peer deterministically crash any synced node running the standard Linux dual-stack configuration. By completing a P2P handshake over IPv4 to a `[::]` listener and then advertising a single invalid mempool transaction (e.g. a coinbase), the attacker triggers a reachable-assertion panic in the address book after a 30-second batch flush, and `panic = "abort"` terminates the process. No public exploit has been identified at time of analysis, but the advisory documents the full reproduction path; the crash is repeatable after every restart, enabling persistent downtime.

Canonical Denial Of Service
NVD GitHub
CVSS 3.1
7.5
CVE-2026-13122 MEDIUM PATCH This Month

Denial-of-service in OpenVPN via a reachable assertion (CWE-617) allows a remote, low-privileged attacker to crash the OpenVPN daemon under high-complexity, timing-specific conditions. All OpenVPN deployments running versions prior to v2.7.5 are affected; the fix is available in the v2.7.5 release disclosed pre-NVD via GitHub. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.0 score of 5.9 (Medium) reflects the constrained exploitation path, though VPN service disruption carries meaningful operational impact for affected operators.

Microsoft Information Disclosure Openvpn Red Hat Suse
NVD GitHub
CVSS 4.0
5.9
EPSS
0.5%
CVE-2026-53319 MEDIUM This Month

Spurious WARN_ON_ONCE calls in the Linux kernel's blk-wbt subsystem trigger unnecessary kernel warnings and stack traces under expected failure conditions - memory pressure or a pre-registered writeback throttle. Local low-privileged users can provoke this via ioctl(BLKPG) during MTD partition creation under memory-constrained conditions, generating noise in kernel logs and, on panic_on_warn-enabled kernels, potentially causing a system crash. No public exploit exists and the EPSS score of 0.14% (4th percentile) places this firmly in the low-priority tier; it has not been added to CISA KEV.

Code Injection Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-53292 MEDIUM PATCH This Month

Kernel panic via reachable assertion in the Linux kernel Phonet subsystem allows any low-privileged local user to crash the system. The flaw exists in pn_socket_autobind() at net/phonet/socket.c:213, where a BUG_ON() assertion fires when pn_socket_bind() returns -EINVAL for a reason other than an already-bound socket - specifically, when sk->sk_state is not TCP_CLOSE on an unbound socket. This was confirmed exploitable by syzbot fuzzing. No public exploit exists independent of the syzbot reproducer, and no active exploitation is reported in CISA KEV; EPSS at the 5th percentile confirms low real-world exploitation probability.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-53285 MEDIUM PATCH This Month

Kernel crash in Linux DRM/AMD DCN32 display subsystem affects systems equipped with AMD RDNA3-generation GPUs running x86 non-RT kernels. The dcn32_validate_bandwidth() function locks FPU registers via DC_FP_START(), disabling local softirqs, then calls kvzalloc() for a ~335 KiB phantom-plane allocation that triggers the vmalloc path; vmalloc fires BUG_ON(in_interrupt()), crashing the kernel. No public exploit has been identified at time of analysis, and EPSS at 0.15% (5th percentile) reflects low real-world exploitation interest.

Linux Amd Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a network attacker crash the device by sending an InvokeCommandRequest to a nonexistent endpoint/cluster (e.g. 0x34), which the interaction model treats as valid and then aborts on a VerifyOrDie assertion (SIGABRT). This is a reachable-assertion bug (CWE-617) with availability-only impact and no data compromise. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the issue was acknowledged upstream and fixed in PR #37207.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remotely triggerable denial of service in the Matter SDK (connectedhomeip) before 1.4.2 lets an attacker crash devices by driving the Level Control cluster's periodic server tick into a failed assertion (currentLevel < maxLevel). Sending a MoveToLevel command and immediately writing OperationMode=2 in the Pump Configuration and Control cluster produces an inconsistent internal state that aborts the process. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; CVSS is 7.5 with availability-only impact.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in the Matter SDK (connectedhomeip) versions 1.3 through 1.4 lets unauthenticated attackers crash smart-home devices by racing a Level Control MoveToLevel command against a conflicting write to the Pump Configuration and Control cluster's OperationMode attribute, tripping a reachable assertion (minLevel < currentLevel) in the server tick callback. The abort forces the device to restart or hang, disrupting any product built on the affected SDK. No public exploit identified at time of analysis, and the issue is tracked via project-chip GitHub issue #38619 with no vendor-released patch identified.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.

Nvidia Denial Of Service Tensorrt Llm
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in vLLM 0.12.0 through 0.23.x lets any authorized API caller crash the entire inference server by submitting a pure prompt-embeddings payload to the /v1/completions endpoint when a model using M-RoPE (multimodal rotary position embedding) is loaded. The malformed request trips a reachable assertion in the EngineCore process, which terminates the whole server rather than rejecting the single request. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw is fixed in vLLM 0.24.0.

Denial Of Service Vllm
NVD GitHub
CVSS 7.5
HIGH PATCH This Week

Remote denial of service in the Zebra Zcash full-node (zebrad) up to and including v4.4.1 lets an unauthenticated peer deterministically crash any synced node running the standard Linux dual-stack configuration. By completing a P2P handshake over IPv4 to a `[::]` listener and then advertising a single invalid mempool transaction (e.g. a coinbase), the attacker triggers a reachable-assertion panic in the address book after a 30-second batch flush, and `panic = "abort"` terminates the process. No public exploit has been identified at time of analysis, but the advisory documents the full reproduction path; the crash is repeatable after every restart, enabling persistent downtime.

Canonical Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial-of-service in OpenVPN via a reachable assertion (CWE-617) allows a remote, low-privileged attacker to crash the OpenVPN daemon under high-complexity, timing-specific conditions. All OpenVPN deployments running versions prior to v2.7.5 are affected; the fix is available in the v2.7.5 release disclosed pre-NVD via GitHub. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.0 score of 5.9 (Medium) reflects the constrained exploitation path, though VPN service disruption carries meaningful operational impact for affected operators.

Microsoft Information Disclosure Openvpn +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Spurious WARN_ON_ONCE calls in the Linux kernel's blk-wbt subsystem trigger unnecessary kernel warnings and stack traces under expected failure conditions - memory pressure or a pre-registered writeback throttle. Local low-privileged users can provoke this via ioctl(BLKPG) during MTD partition creation under memory-constrained conditions, generating noise in kernel logs and, on panic_on_warn-enabled kernels, potentially causing a system crash. No public exploit exists and the EPSS score of 0.14% (4th percentile) places this firmly in the low-priority tier; it has not been added to CISA KEV.

Code Injection Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel panic via reachable assertion in the Linux kernel Phonet subsystem allows any low-privileged local user to crash the system. The flaw exists in pn_socket_autobind() at net/phonet/socket.c:213, where a BUG_ON() assertion fires when pn_socket_bind() returns -EINVAL for a reason other than an already-bound socket - specifically, when sk->sk_state is not TCP_CLOSE on an unbound socket. This was confirmed exploitable by syzbot fuzzing. No public exploit exists independent of the syzbot reproducer, and no active exploitation is reported in CISA KEV; EPSS at the 5th percentile confirms low real-world exploitation probability.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel crash in Linux DRM/AMD DCN32 display subsystem affects systems equipped with AMD RDNA3-generation GPUs running x86 non-RT kernels. The dcn32_validate_bandwidth() function locks FPU registers via DC_FP_START(), disabling local softirqs, then calls kvzalloc() for a ~335 KiB phantom-plane allocation that triggers the vmalloc path; vmalloc fires BUG_ON(in_interrupt()), crashing the kernel. No public exploit has been identified at time of analysis, and EPSS at 0.15% (5th percentile) reflects low real-world exploitation interest.

Linux Amd Denial Of Service
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy