Reachable Assertion
Weakness ID: 617 (Weakness Variant)Status: Draft
+ Description

Description Summary

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Extended Description

For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.

+ Time of Introduction
  • Implementation
+ Demonstrative Examples

Example 1

In the excerpt below, an AssertionError (an unchecked exception) is thrown if the user hasn't entered an email address in an HTML form.

(Bad Code)
Example Language: Java 
String email = request.getParameter("email_address");
assert email != null;
+ Observed Examples
ReferenceDescription
CVE-2006-6767
CVE-2006-6811
CVE-2006-5779
CVE-2006-4574
CVE-2006-4095
CVE-2006-4574Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.
+ Potential Mitigations

Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)

Perform input validation on user data.

+ Other Notes

While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service if the relevant code can be triggered by an attacker, and if the scope of the assert() extends beyond the attacker's own session.

+ Weakness Ordinalities
OrdinalityDescription
Resultant
(where the weakness is typically related to the presence of some other weaknesses)
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class398Indicator of Poor Code Quality
Development Concepts (primary)699
ChildOfWeakness ClassWeakness Class670Always-Incorrect Control Flow Implementation
Research Concepts (primary)1000
CanFollowWeakness BaseWeakness Base193Off-by-one Error
Research Concepts1000
+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-07-01Sean EidemillerCigitalExternal
added/updated demonstrative examples
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships, Observed Example, Other Notes, Weakness Ordinalities