CVE-2026-47307
Description
NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions.
This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL pointer dereference in Samsung Walrus allows denial of service via a crafted WebAssembly module with deeply nested instructions.
Vulnerability
A NULL pointer dereference vulnerability exists in Samsung Open Source Walrus, a WebAssembly runtime. The bug is triggered when processing a crafted WebAssembly module containing deeply nested instructions. The affected version is commit f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9 [1].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted WebAssembly module with deeply nested instructions to the Walrus runtime. No authentication or special privileges are required; the attacker only needs to submit the module. The NULL pointer dereference causes the runtime to crash.
Impact
Successful exploitation results in a denial of service (DoS) due to the crash. The CVSS v3 score is 5.5 (Medium), indicating a moderate impact on availability.
Mitigation
The fix is addressed in pull request #409 [1], which improves error throwing to handle the NULL pointer dereference. Users should update to a version that includes this fix. No workaround is mentioned. The vulnerability is not listed on CISA KEV as of publication.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: = f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.