CWE-617 – Reachable Assertion

Read Time:1 Minute, 15 Second

Description

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-670
CWE-670

 

Consequences

Availability: DoS: Crash, Exit, or Restart

An attacker that can trigger an assert statement can still lead to a denial of service if the relevant code can be triggered by an attacker, and if the scope of the assert() extends beyond the attacker’s own session.

 

Potential Mitigations

Phase: Implementation

Description: 

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Phase: Implementation

Description: 

Perform input validation on user data.

CVE References

  • CVE-2006-6767
    • FTP server allows remote attackers to cause a denial of service (daemon abort) via crafted commands which trigger an assertion failure.
  • CVE-2006-6811
    • Chat client allows remote attackers to cause a denial of service (crash) via a long message string when connecting to a server, which causes an assertion failure.
  • CVE-2006-5779
    • Product allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
  • CVE-2006-4095
    • Product allows remote attackers to cause a denial of service (crash) via certain queries, which cause an assertion failure.
  • CVE-2006-4574
    • Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.