Threats Tagged 'cwe-617'
View all threats tagged with 'cwe-617'. Filter and sort to focus on specific types of threats.
CVE-2026-41523: CWE-94: Improper Control of Generation of Code ('Code Injection') in vllm-project vllm
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (python -O or PYTHONOPTIMIZE=1). This vulnerability is fixed in 0.22.0.
CVE Database V5 | 06/22/2026, 22:18:14 UTC | Added: 06/22/2026, 22:39:45 UTC

CVE-2026-29116: CWE-617 in Dahua IPC/SD/NVR/XVR/EVS/VTO/VTH/ASI/TPC
A vulnerability has been found in some Dahua products that could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.
CVE Database V5 | 06/10/2026, 06:16:34 UTC | Added: 06/10/2026, 06:41:08 UTC

CVE-2026-29115: CWE-617 Reachable assertion in Dahua IPC/SD
A vulnerability has been found in some Dahua products that could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.
CVE Database V5 | 06/10/2026, 06:08:21 UTC | Added: 06/10/2026, 06:41:08 UTC

CVE-2026-46543: CWE-617: Reachable Assertion in nimiq core-rs-albatross
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with "No macro blocks before genesis block". This issue has been patched in version 1.5.0.
CVE Database V5 | 06/09/2026, 23:47:32 UTC | Added: 06/09/2026, 23:55:56 UTC

CVE-2026-46542: CWE-617: Reachable Assertion in nimiq core-rs-albatross
A denial-of-service vulnerability exists in nimiq core-rs-albatross prior to version 1.4.0. The Ed25519PublicKey::delinearize() function calls unwrap() on curve point decompression, which panics if given invalid public key bytes that do not represent a valid point on the Ed25519 curve. This can crash the hosting process. The issue is fixed in version 1.4.0.
CVE Database V5 | 06/09/2026, 23:46:21 UTC | Added: 06/09/2026, 23:55:53 UTC

CVE-2026-9750: CWE-617 Reachable assertion in MongoDB MongoDB Server
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.
CVE Database V5 | 06/09/2026, 22:17:08 UTC | Added: 06/09/2026, 22:55:45 UTC

CVE-2026-9749: CWE-617 Reachable assertion in MongoDB MongoDB Server
CVE-2026-9749 is a high-severity vulnerability in MongoDB Server affecting versions 7.0.0, 8.0.0, 8.2.0, and 8.3.0. It arises when an aggregation pipeline uses the internal $exchange stage with key-range partitioning and order-preserving delivery, leading to a reachable assertion due to improper handling of a full per-consumer buffer. This can cause the server to reach a code path where the internal high watermark for a key range is not updated as intended.
CVE Database V5 | 06/09/2026, 22:10:45 UTC | Added: 06/09/2026, 22:25:56 UTC

CVE-2026-9748: CWE-617 Reachable assertion in MongoDB MongoDB Server
CVE-2026-9748 is a high-severity vulnerability in MongoDB Server involving a reachable assertion failure. The issue arises from the $_internalConvertBucketIndexStats stage using PauseExecution incorrectly as a skip signal, which is intended only for internal coordination by $facet. When this stage precedes $facet in a pipeline, it causes an unexpected PauseExecution signal that triggers a hard invariant assertion failure, crashing the mongod process.
CVE Database V5 | 06/09/2026, 22:08:22 UTC | Added: 06/09/2026, 22:25:56 UTC

CVE-2026-9747: CWE-617 Reachable assertion in MongoDB MongoDB Server
CVE-2026-9747 is a high-severity vulnerability in MongoDB Server where adding the parameters fromRouter:true and runtimeConstants.userRoles can cause aggregation operations to crash the server. This is due to a reachable assertion issue classified under CWE-617. The vulnerability affects specific versions of MongoDB Server including 7.0.0, 8.0.0, 8.2.0, and 8.3.0. No official patch or remediation guidance has been provided yet.
CVE Database V5 | 06/09/2026, 22:05:24 UTC | Added: 06/09/2026, 22:25:56 UTC

CVE-2026-9746: CWE-617 Reachable assertion in MongoDB MongoDB Server
CVE-2026-9746 is a high-severity vulnerability in MongoDB Server that causes the server to crash due to a reachable assertion failure when using $changestreams and $_requestReshardingResumeToken with the exchange option. The issue requires the user to be logged in but does not require special privileges. Affected versions include 7.0.0, 8.0.0, 8.2.0, and 8.3.0. There is no confirmed patch or official remediation available at this time.
CVE Database V5 | 06/09/2026, 22:02:12 UTC | Added: 06/09/2026, 22:25:56 UTC

Showing 1 to 10 of 11 results