CVE-2022-34529
Description
WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WASM3 v0.5.0 contains a segmentation fault in Compile_Memory_CopyFill due to a slot index overflow caused by missing slot handling in certain bytecode.
Vulnerability
Overview
CVE-2022-34529 describes a segmentation fault vulnerability in WASM3 v0.5.0, affecting the Compile_Memory_CopyFill component. According to the official description, the issue is triggered via this component, and the referenced GitHub issue (the primary source) explains that the root cause is a 'slot index overflow because of slot missing in some bytecode' [1]. This indicates that the WebAssembly interpreter fails to properly track or allocate internal register slots when processing certain bytecode instructions, leading to an out-of-bounds access or memory corruption that manifests as a crash.
Attack
Vector and Exploitation
The vulnerability is present in the WASM3 WebAssembly interpreter library. An attacker can exploit this by supplying a specially crafted WebAssembly module that includes the malformed bytecode sequences related to Memory.CopyFill. No authentication is required, as the attack vector is local or remote via any mechanism that causes the vulnerable code to load and execute the malicious module. The exploitation prerequisites are minimal: the victim must run the affected WASM3 version and process the crafted input.
Impact
Exploitation results in a segmentation fault, causing a denial of service (DoS) condition. The crash is the only confirmed impact; there is no public evidence of arbitrary code execution or information disclosure. The segmentation fault occurs due to the unsafe memory access, which could potentially be leveraged by an attacker to cause application instability or service interruption in any system using the vulnerable WASM3 library to run WebAssembly code.
Mitigation
As of the publication date (2022-07-27), no official patch or fixed version had been released. Users are advised to monitor the project repository for updates. The vulnerability was publicly reported via the GitHub issue tracker [1]. The issue is also listed in the PyPA advisory database for the pywasm3 Python binding [3]. Administrators and developers using WASM3 should restrict untrusted WebAssembly module loading until a fix is applied.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pywasm3PyPI | <= 0.5.0 | — |
wasm3crates.io | <= 0.5.0 | — |
Affected products
3- WASM3/WASM3description
- ghsa-coords2 versions
<= 0.5.0+ 1 more
- (no CPE)range: <= 0.5.0
- (no CPE)range: <= 0.5.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-gq4p-4hxv-5rg9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-34529ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/pywasm3/PYSEC-2022-43057.yamlghsaWEB
- github.com/wasm3/wasm3/issues/337ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.