233 vulnerabilities classified as CWE-617 (Reachable Assertion). AI Chinese analysis included.
CWE-617 represents a software weakness where an assertion statement, intended for debugging or internal logic validation, remains enabled in production code and can be triggered by external input. This flaw typically leads to a denial of service, as the application abruptly terminates or crashes when the assertion fails, rather than handling the error gracefully. Attackers exploit this by crafting specific inputs that violate the assumed invariants, forcing the program to exit unexpectedly. To mitigate this risk, developers must ensure that assertions are strictly disabled in production environments or replace them with robust error-handling mechanisms. By validating inputs and managing exceptions without relying on fatal assertions, teams can maintain application availability and prevent attackers from leveraging these logic checks for disruptive service interruptions.
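```java
// Reachable assertion: with assertions enabled, a request that omits "email_address" trips the assert.
String email = request.getParameter("email_address");
assert email != null;
```

| CVE ID | Title | CVSS | Severity | Published |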
|---|---|---|---|---|
| CVE-2026-23991 | go-tuf affected by client DoS via malformed server response — go-tuf | 5.9 | Medium | 2026-01-22 |
| CVE-2025-13878 | Malformed BRID/HHIT records can cause named to terminate unexpectedly — BIND 9 | 7.5 | High | 2026-01-21 |
| CVE-2025-15531 | Open5GS context.c sgwc_bearer_add assertion — Open5GS | 5.3 | Medium | 2026-01-17 |
| CVE-2025-15530 | Open5GS s11-handler.c assertion — Open5GS | 5.3 | Medium | 2026-01-17 |
| CVE-2025-68471 | Avahi has a reachable assertion in lookup_start — avahi | 6.5 | Medium | 2026-01-12 |
| CVE-2025-68468 | Avahi has a reachable assertion in lookup_multicast_callback — avahi | 6.5 | Medium | 2026-01-12 |
| CVE-2025-68276 | Avahi has a reachable assertion in avahi_wide_area_scan_cache — avahi | 5.5 | Medium | 2026-01-12 |
| CVE-2025-20760 | MediaTek chipsets security vulnerability — MediaTek chipset | 6.5 | - | 2026-01-06 |
| CVE-2025-20762 | MediaTek chipsets security vulnerability — MediaTek chipset | 7.5 | - | 2026-01-06 |
| CVE-2025-15176 | Open5GS PFCP Session Establishment Request rule-match.c ogs_pfcp_pdr_rule_find_by_packet assertion — Open5GS | 5.3 | Medium | 2025-12-29 |
| CVE-2025-48704 | Pexip Infinity security vulnerability — Infinity | 7.5 | High | 2025-12-25 |
| CVE-2025-49088 | Pexip Infinity security vulnerability — Infinity | 5.9 | Medium | 2025-12-25 |
| CVE-2025-66443 | Pexip Infinity security vulnerability — Infinity | 7.5 | High | 2025-12-25 |
| CVE-2025-66379 | Pexip Infinity security vulnerability — Infinity | 7.5 | High | 2025-12-25 |
| CVE-2025-32095 | Pexip Infinity security vulnerability — Infinity | 7.5 | High | 2025-12-25 |
| CVE-2025-32096 | Pexip Infinity security vulnerability — Infinity | 7.5 | High | 2025-12-25 |
| CVE-2025-34458 | wb2osz/direwolf <= 1.8.1 Reachable Assertion DoS — Dire Wolf | 7.5 (AI) | High (AI) | 2025-12-22 |
| CVE-2025-14954 | Open5GS QER/FAR/URR/PDR context.c ogs_pfcp_qer_find_or_add assertion — Open5GS | 3.7 | Low | 2025-12-19 |
| CVE-2025-59029 | Internal logic flaw in cache management can lead to a denial of service in PowerDNS Recursor — Recursor | 5.3 | Medium | 2025-12-09 |
| CVE-2025-20791 | MediaTek Chipsets security vulnerability — MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797 | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-20752 | MediaTek Chipsets security vulnerability — MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8676, MT8791T | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-20757 | MediaTek Chipsets security vulnerability — MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797 | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-20792 | MediaTek Chipsets security vulnerability — MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8791T | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-13644 | MongoDB may be susceptible to Invariant Failure due to batched delete — MongoDB Server | 6.5 | Medium | 2025-11-25 |
| CVE-2025-46705 | Entrouvert Lasso security vulnerability — Lasso | 7.5 | High | 2025-11-05 |
| CVE-2025-47370 | Reachable Assertion in BT Controller — Snapdragon | 6.5 | Medium | 2025-11-04 |
| CVE-2025-41068 | Reachable Assertion vulnerability in Open5GS — Open5GS | 7.5 (AI) | High (AI) | 2025-10-27 |
| CVE-2025-41067 | Reachable Assertion vulnerability in Open5GS — Open5GS | 7.5 (AI) | High (AI) | 2025-10-27 |
| CVE-2025-59530 | quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame — quic-go | 7.5 | High | 2025-10-10 |
| CVE-2025-9405 | Open5GS gmm-sm.c gmm_state_exception assertion — Open5GS | 5.3 | Medium | 2025-08-25 |
Vulnerabilities classified as CWE-617 (Reachable Assertion) represent 233 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.