CWE-617Reachable Assertion

Abstraction: Base · CVEs in our corpus: 709

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service. For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control	Title	Family	Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2020-8617`	7.1	7.5	0.9263	2020-05-19
`CVE-2018-5740`	5.4	7.5	0.6453	2019-01-16
`CVE-2016-8864`	4.2	7.5	0.4537	2016-11-02
`CVE-2006-5779`	4.1	7.5	0.4337	2006-11-07
`CVE-2017-3136`	4.1	5.9	0.4852	2019-01-16
`CVE-2020-36222`	3.9	7.5	0.3933	2021-01-26
`CVE-2023-28425`	3.8	5.5	0.4529	2023-03-20
`CVE-2017-3138`	3.6	6.5	0.3793	2019-01-16
`CVE-2018-5736`	3.6	5.3	0.4291	2019-01-16
`CVE-2020-25709`	3.6	7.5	0.3568	2021-05-18
`CVE-2017-3137`	3.2	7.5	0.2850	2019-01-16
`CVE-2021-27212`	3.0	7.5	0.2511	2021-02-14
`CVE-2020-8623`	2.6	7.5	0.1832	2020-08-21
`CVE-2019-6467`	2.5	7.5	0.1722	2019-10-09
`CVE-2020-25710`	2.5	7.5	0.1746	2021-05-28
`CVE-2022-3488`	2.4	7.5	0.1521	2023-01-26
`CVE-2006-6767`	2.3	7.5	0.1411	2007-01-16
`CVE-2019-10894`	2.3	7.5	0.1265	2019-04-09
`CVE-2011-3596`	2.3	7.5	0.1388	2019-11-26
`CVE-2021-46784`	2.3	6.5	0.1636	2022-07-17
`CVE-2019-9795`	2.0	9.8	0.0071	2019-04-26
`CVE-2020-3615`	2.0	9.8	0.0034	2020-06-02
`CVE-2020-8620`	2.0	7.5	0.0837	2020-08-21
`CVE-2006-4574`	1.9	7.5	0.0682	2006-10-28
`CVE-2023-38976`	1.9	7.5	0.0715	2023-08-21