The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service. For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.
Threat Mapped score: 1.5
Industry: Finiancial
Threat priority: P4 - Informational (Low)
CVE: CVE-2023-49286
Chain: function in web caching proxy does not correctly check a return value (CWE-253) leading to a reachable assertion (CWE-617)
CVE: CVE-2006-6767
FTP server allows remote attackers to cause a denial of service (daemon abort) via crafted commands which trigger an assertion failure.
CVE: CVE-2006-6811
Chat client allows remote attackers to cause a denial of service (crash) via a long message string when connecting to a server, which causes an assertion failure.
CVE: CVE-2006-5779
Product allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
CVE: CVE-2006-4095
Product allows remote attackers to cause a denial of service (crash) via certain queries, which cause an assertion failure.
CVE: CVE-2006-4574
Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.
CVE: CVE-2004-0270
Anti-virus product has assert error when line length is non-numeric.
N/A
N/A
| Phase | Note |
|---|---|
| Implementation | N/A |
Intro: In the excerpt below, an AssertionError (an unchecked exception) is thrown if the user hasn't entered an email address in an HTML form.
String email = request.getParameter("email_address"); assert email != null;