Unrated severity · OSV Advisory · Published Sep 21, 2018 · Updated Aug 5, 2024

CVE-2018-17293

Description

An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Wavm/Wavm (OSV, 2 versions)
    • (no CPE)
    • (no CPE)

Patches

Vulnerability mechanics

Root cause

"The run function in WAVM does not properly check for Emscripten memory before attempting to store command-line arguments."

Attack vector

An attacker can craft a WebAssembly file that, when executed by WAVM, triggers a NULL pointer dereference. This occurs because the `run` function in `Programs/wavm/wavm.cpp` attempts to inject command-line arguments into Emscripten memory without first verifying that such memory exists [ref_id=2]. This leads to a denial of service via application crash [ref_id=1].

Affected code

The vulnerability lies within the `run` function in `Programs/wavm/wavm.cpp`. Specifically, the code block responsible for handling functions with two parameters and injecting command-line arguments is affected [ref_id=2].

What the fix does

The patch modifies the `run` function in `Programs/wavm/wavm.cpp` to first check if `emscriptenInstance` is valid before proceeding to inject command-line arguments [ref_id=2]. If `emscriptenInstance` is null, the program now exits gracefully with an error message, preventing the NULL pointer dereference that previously caused a crash [ref_id=1, ref_id=2].
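A simplified model of the check described above, as an added example that is not WAVM's own code: `EmscriptenInstance`, `RunStatus`, `writeArgs`, `injectUnchecked` and `injectChecked` are hypothetical stand-ins, and the size check on the arguments goes beyond what the advisory describes.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical stand-in for the Emscripten environment; not WAVM's real type.
struct EmscriptenInstance {
    std::vector<uint8_t> memory;  // linear memory that receives the arguments
    uint32_t nextFree = 0;        // bump-allocator offset, always <= memory.size()
};

enum class RunStatus { Ok, NoEmscriptenMemory, ArgsTooLarge };

// Copy each argument, then a table of their addresses, into linear memory.
// On success argvAddr holds the table address (the guest's argv).
bool writeArgs(EmscriptenInstance& inst, const std::vector<std::string>& args,
               uint32_t& argvAddr) {
    std::vector<uint32_t> addrs;
    for (const std::string& a : args) {
        size_t need = a.size() + 1;  // include the terminating NUL
        if (need > inst.memory.size() - inst.nextFree) return false;
        std::memcpy(inst.memory.data() + inst.nextFree, a.c_str(), need);
        addrs.push_back(inst.nextFree);
        inst.nextFree += static_cast<uint32_t>(need);
    }
    size_t tableBytes = addrs.size() * sizeof(uint32_t);
    if (tableBytes > inst.memory.size() - inst.nextFree) return false;
    argvAddr = inst.nextFree;
    if (tableBytes) std::memcpy(inst.memory.data() + argvAddr, addrs.data(), tableBytes);
    inst.nextFree += static_cast<uint32_t>(tableBytes);
    return true;
}

// Pre-fix shape: a two-parameter main in a module without Emscripten memory
// leaves `inst` null, and the dereference below crashes the host process.
uint32_t injectUnchecked(EmscriptenInstance* inst, const std::vector<std::string>& args) {
    uint32_t argvAddr = 0;
    writeArgs(*inst, args, argvAddr);
    return argvAddr;
}

// Post-fix shape: report the missing environment instead of dereferencing it.
RunStatus injectChecked(EmscriptenInstance* inst,
                        const std::vector<std::string>& args, uint32_t& argvAddr) {
    if (!inst) return RunStatus::NoEmscriptenMemory;
    return writeArgs(*inst, args, argvAddr) ? RunStatus::Ok : RunStatus::ArgsTooLarge;
}
```

A caller that receives `RunStatus::NoEmscriptenMemory` can print an error and exit, which matches the behaviour the patch description gives for a null `emscriptenInstance`.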

Preconditions

  • input: The attacker must provide a specially crafted WebAssembly file.

Reproduction

https://github.com/ntu-sec/pocs/blob/master/wavm-234e8b9/crashes/sigabrt_Invoke.cpp:50_1.wast
https://github.com/ntu-sec/pocs/blob/master/wavm-234e8b9/crashes/sigabrt_Invoke.cpp:50_2.wasm

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
