CVE-2024-27530
Description
A use-after-free vulnerability in wasm3 commit 139076a allows remote code execution via a crafted WebAssembly file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free vulnerability in wasm3 commit 139076a allows remote code execution via a crafted WebAssembly file.
Vulnerability
A use-after-free vulnerability exists in wasm3 at commit 139076a in the ForEachModule function located in source/m3_env.c (line 211). The bug occurs when a crafted WebAssembly module is loaded and then freed, but a subsequent call to ForEachModule accesses the freed memory. The AddressSanitizer log from the issue report confirms a heap-use-after-free read of size 8 bytes [1][2].
Exploitation
An attacker can trigger this vulnerability by providing a specially crafted WebAssembly file to the wasm3 runtime. The sequence involves parsing the malicious module via m3_ParseModule, which allocates memory, then the module is freed during repl_load (e.g., due to a signature mismatch), and finally ForEachModule is called during runtime cleanup (e.g., Runtime_Release or m3_FreeRuntime), reading from the freed memory region [1]. No authentication or special network position is required; the attack can be remote if the runtime processes untrusted wasm files.
Impact
Successful exploitation can lead to arbitrary code execution or denial of service. The advisory explicitly lists both code execution and denial of service as impacts [2]. The use-after-free allows an attacker to control the freed memory contents, potentially hijacking control flow or causing a crash.
Mitigation
As of the publication date (2024-11-08), no official patch or fixed version has been released for this vulnerability. The issue remains open in the wasm3 repository [1]. Users should avoid processing untrusted WebAssembly files with the affected commit 139076a until a fix is available. No workaround is documented.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- wasm3/wasm3description
- Range: =139076a
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The `ForEachModule` function in `m3_env.c` dereferences a pointer after it has been freed, leading to a use-after-free vulnerability."
Attack vector
An attacker can trigger this vulnerability by providing a WebAssembly module that causes a function signature mismatch during parsing. This mismatch leads to an error during the `repl_load` function, which frees the module's runtime. Subsequently, the `ForEachModule` function, called during `Runtime_Release`, attempts to access the already freed memory, resulting in a use-after-free error [ref_id=1].
Affected code
The vulnerability exists in the `ForEachModule` function located in `source/m3_env.c` at line 211. The issue is triggered during the `Runtime_Release` function (line 232 in `m3_env.c`) and ultimately during `m3_FreeRuntime` (line 248 in `m3_env.c`). The root cause stems from the `repl_load` function in `platforms/app/main.c` at line 165, which frees the runtime prematurely upon encountering a function signature mismatch during module parsing [ref_id=1].
What the fix does
The patch addresses the use-after-free vulnerability by ensuring that the module's memory is not deallocated prematurely. Specifically, it modifies the error handling within the module loading process to prevent the `repl_load` function from freeing the runtime when a function signature mismatch occurs. This ensures that the memory remains valid when `ForEachModule` is called later in the execution flow [ref_id=1].
Preconditions
- inputA specially crafted WebAssembly module that causes a function signature mismatch.
Reproduction
./wasm3 122a800b77de99bc801828a25f3dbca3133d31387c3d736e71420241a8082269.wasm
Generated on Jun 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-46r6-92jg-22jgghsaADVISORY
- gist.github.com/haruki3hhh/94dd274487b58e037bcc8839dc88b203ghsa
- github.com/pypa/advisory-database/tree/main/vulns/pywasm3/PYSEC-2024-306.yamlghsa
- github.com/wasm3/pywasm3/blob/main/wasm3/m3_env.cghsa
- github.com/wasm3/wasm3/issues/458ghsa
- nvd.nist.gov/vuln/detail/CVE-2024-27530ghsa
News mentions
0No linked articles in our index yet.