CVE-2024-34252
Description
A global buffer overflow in wasm3 v0.5.0's PreserveRegisterIfOccupied function allows denial of service via crafted WebAssembly bytecode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A global buffer overflow vulnerability exists in wasm3 v0.5.0 (commit 139076a98b8321b67f850a844f558b5e91b5ac83) in the function PreserveRegisterIfOccupied located in source/m3_compile.c [1]. The overflow occurs when the function reads from a register array without proper bounds checking during the compilation of loop or block constructs. This can be triggered by a specially crafted WebAssembly (.wasm) file.
Exploitation
An attacker can exploit this vulnerability by providing a malicious .wasm file to the wasm3 interpreter. The file is processed by the compiler, which calls PreserveRegisterIfOccupied as part of the compilation of nested loops or blocks. The overflow results in a segmentation fault, as demonstrated by the AddressSanitizer stack trace in the issue report [1]. No authentication or special privileges are required; the attacker only needs to deliver the file to the interpreter.
Impact
Successful exploitation causes a denial of service (segmentation fault) due to the global buffer overflow. The overflow is a read of 8 bytes beyond the bounds of a global array, leading to a crash. While the issue report only confirms a crash, such memory safety violations could potentially be leveraged for more severe impacts, though no such exploitation is documented.
Mitigation
As of the publication date (2024-05-06), no official fix has been released for this vulnerability. The issue is tracked on GitHub [1]. Users should avoid running untrusted .wasm files with wasm3 v0.5.0 until a patch is available. The project may release a fix in a future version.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- wasm3/wasm3
- Range: = 0.5.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing bounds check in PreserveRegisterIfOccupied leads to out-of-bounds read on a global buffer when deeply nested WebAssembly blocks are compiled."
Attack vector
An attacker supplies a crafted WebAssembly binary (poc.wasm) containing deeply nested loop/block constructs. When wasm3 compiles this module, the recursive compilation path (Compile_LoopOrBlock → CompileBlockStatements → CompileBlock) recurses hundreds of times, eventually calling PreserveRegisterIfOccupied in m3_compile.c:492 [ref_id=1]. The function reads from a global buffer without checking the current depth, causing a global-buffer-overflow READ of size 8 that results in a segmentation fault [ref_id=1]. No authentication or special privileges are required; the victim only needs to run wasm3 with the malicious .wasm file.
Affected code
The crash occurs in PreserveRegisterIfOccupied at wasm3/source/m3_compile.c:492 [ref_id=1]. The call chain shows it is reached via PreserveRegisters (line 508) called from Compile_LoopOrBlock (line 1853), which is invoked repeatedly through CompileBlockStatements (line 2605) and CompileBlock (line 2742) during recursive block compilation [ref_id=1].
What the fix does
No patch is included in the bundle. The advisory [ref_id=1] reports the issue as "Invalid (therefore possibly related to incomplete validation in wasm3)" and provides no fix commit or remediation guidance. The project maintainers would need to add a depth or bounds check in PreserveRegisterIfOccupied (or its callers) to prevent out-of-bounds access when deeply nested blocks are compiled.
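The two checks named above (a bounds check on the global-table index and a limit on block nesting depth), shown in a small constructed compiler model. This is an added example, not wasm3 code or a project patch; the toy bytecode, the table and every name and limit in it are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model, NOT wasm3 source; every name and limit is an assumption. */
#define NUM_TYPES       4    /* entries in the global handler table */
#define MAX_BLOCK_DEPTH 64   /* nesting limit enforced by the compiler */
enum { OP_BLOCK = 0x02, OP_END = 0x0B };
typedef enum { OK, ERR_BAD_TYPE, ERR_TOO_DEEP, ERR_TRUNCATED } result_t;
static const uint64_t g_ops[NUM_TYPES] = { 0x10, 0x11, 0x12, 0x13 };

/* Without the check, type >= NUM_TYPES is an 8-byte read past g_ops. */
static result_t lookup_op(uint8_t type, uint64_t *out)
{
    if (type >= NUM_TYPES) return ERR_BAD_TYPE;   /* validate before indexing */
    *out = g_ops[type];
    return OK;
}

/* Compiles one block body; each OP_BLOCK is followed by a one-byte type. */
static result_t compile_block(const uint8_t *code, size_t len, size_t *pos, unsigned depth)
{
    if (depth > MAX_BLOCK_DEPTH) return ERR_TOO_DEEP;   /* bound the recursion */
    while (*pos < len) {
        uint8_t op = code[(*pos)++];
        if (op == OP_END) return OK;
        if (op != OP_BLOCK) continue;                   /* other opcodes ignored here */
        if (*pos >= len) return ERR_TRUNCATED;          /* type byte missing */
        uint64_t handler;                               /* a real compiler would emit this */
        result_t r = lookup_op(code[(*pos)++], &handler);
        if (r == OK) r = compile_block(code, len, pos, depth + 1);
        if (r != OK) return r;
    }
    return depth == 0 ? OK : ERR_TRUNCATED;             /* nested block lacks OP_END */
}

result_t compile_module(const uint8_t *code, size_t len)
{
    size_t pos = 0;
    return compile_block(code, len, &pos, 0);
}

/* Builds a constructed input of `depth` nested blocks and compiles it. */
result_t compile_nested(unsigned depth, uint8_t type)
{
    static uint8_t buf[3 * 256];
    if (depth > 256) depth = 256;                       /* keep the sample inside buf */
    for (unsigned i = 0; i < depth; i++) { buf[2*i] = OP_BLOCK; buf[2*i + 1] = type; }
    for (unsigned i = 0; i < depth; i++) buf[2*depth + i] = OP_END;
    return compile_module(buf, 3 * (size_t)depth);
}
```

Both failure paths return an error to the caller instead of reading memory, so a rejected module ends in a reported compile error rather than a crash.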
Preconditions
- Input: Attacker must supply a crafted .wasm file with deeply nested loop/block structures.
- Network: No network access required; the victim runs wasm3 locally on the malicious file.
Reproduction
Build wasm3 with AddressSanitizer (export CC=clang CXX=clang++ CFLAGS="-fsanitize=address -g" CXXFLAGS="-fsanitize=address -g", cmake, make). Run: wasm3/build/wasm3 --func main poc.wasm [ref_id=1]. The provided proof-of-concept archive (wasm3-poc-22.zip) triggers the global-buffer-overflow [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.