Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

assertion failure cause a denial of service #10998

Closed
xiaoqx opened this issue Mar 6, 2018 · 2 comments
Closed

assertion failure cause a denial of service #10998

xiaoqx opened this issue Mar 6, 2018 · 2 comments

Comments

@xiaoqx
Copy link

xiaoqx commented Mar 6, 2018

In some cases, an assertion failure may be intentional behavior, not a vulnerability,
However, Assertion failure may cause denial of service attacks in some cases.
And CVE IDs have been assigned such as CVE-2018-7712,CVE-2018-7713,CVE-2018-7714.

@alalek
Copy link
Member

alalek commented Mar 6, 2018

CVE-2018-7712
CVE-2018-7713
CVE-2018-7714

Details: https://www.cvedetails.com/cve/CVE-2018-7712/ , etc
OpenCV CV_Assert is not an assertion (C-like assert()), it is regular C++ exception which can raised in case of invalid or non-supported parameters.
Considering this as invalid report: It is application developer responsibility to catch C++ errors from C++ libraries.

These exceptions are raised in case of malformed images or to avoid loading of very huge images (to resolve unwanted denial of service related to memory limits).
There is no runtime way at this moment to control values of these limits, but these limits are enough for usual modern applications.

@iamleot
Copy link

iamleot commented Jan 30, 2020

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

3 participants