Vendor CVEs
Webassembly
All CVEs
46 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16767 | Hig | 0.57 | 8.8 | 0.01 | Sep 10, 2018 | In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOp… | ||
| CVE-2025-15412 | Med | 0.34 | 5.3 | 0.00 | Jan 1, 2026 | A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is… | ||
| CVE-2025-15411 | Med | 0.34 | 5.3 | 0.00 | Jan 1, 2026 | A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the… | ||
| CVE-2025-14956 | Med | 0.27 | 5.3 | 0.00 | Dec 19, 2025 | A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host.… | ||
| CVE-2025-6275 | Low | 0.21 | 3.3 | 0.00 | Jun 19, 2025 | A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the… | ||
| CVE-2025-6274 | Low | 0.21 | 3.3 | 0.00 | Jun 19, 2025 | A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit… | ||
| CVE-2025-6273 | Low | 0.21 | 3.3 | 0.00 | Jun 19, 2025 | A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The… | ||
| CVE-2026-8257 | Low | 0.14 | 3.3 | 0.00 | May 11, 2026 | A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached… | ||
| CVE-2025-14957 | Low | 0.14 | 3.3 | 0.00 | Dec 19, 2025 | A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads… | ||
| CVE-2025-3122 | 0.00 | — | 0.01 | Apr 2, 2025 | A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can… | |||
| CVE-2025-2584 | 0.00 | — | 0.00 | Mar 21, 2025 | A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer… | |||
| CVE-2025-2368 | 0.00 | — | 0.01 | Mar 17, 2025 | A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The… | |||
| CVE-2023-46331 | 0.00 | — | 0.00 | Oct 23, 2023 | WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault. | |||
| CVE-2023-46332 | 0.00 | — | 0.00 | Oct 23, 2023 | WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault. | |||
| CVE-2020-18378 | 0.00 | — | 0.01 | Aug 22, 2023 | A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | |||
| CVE-2020-18382 | 0.00 | — | 0.01 | Aug 22, 2023 | Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. | |||
| CVE-2023-31670 | 0.00 | — | 0.01 | May 23, 2023 | An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. | |||
| CVE-2023-31669 | 0.00 | — | 0.00 | May 23, 2023 | WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote ("). | |||
| CVE-2023-27115 | 0.00 | — | 0.00 | Mar 10, 2023 | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. | |||
| CVE-2023-27116 | 0.00 | — | 0.00 | Mar 10, 2023 | WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType. | |||
| CVE-2023-27117 | 0.00 | — | 0.00 | Mar 10, 2023 | WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator. | |||
| CVE-2023-27119 | 0.00 | — | 0.00 | Mar 10, 2023 | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. | |||
| CVE-2022-43280 | 0.00 | — | 0.00 | Oct 28, 2022 | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. | |||
| CVE-2022-43282 | 0.00 | — | 0.00 | Oct 28, 2022 | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. | |||
| CVE-2022-43283 | 0.00 | — | 0.00 | Oct 28, 2022 | wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. | |||
| CVE-2022-43281 | 0.00 | — | 0.00 | Oct 28, 2022 | wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. | |||
| CVE-2021-46055 | 0.00 | — | 0.01 | Jan 7, 2022 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | |||
| CVE-2021-46054 | 0.00 | — | 0.01 | Jan 7, 2022 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | |||
| CVE-2021-46053 | 0.00 | — | 0.01 | Jan 7, 2022 | A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL. | |||
| CVE-2021-46052 | 0.00 | — | 0.01 | Jan 7, 2022 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. | |||
| CVE-2021-46050 | 0.00 | — | 0.01 | Jan 7, 2022 | A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. | |||
| CVE-2021-46048 | 0.00 | — | 0.01 | Jan 7, 2022 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. | |||
| CVE-2021-45293 | 0.00 | — | 0.01 | Dec 21, 2021 | A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. | |||
| CVE-2021-45290 | 0.00 | — | 0.01 | Dec 21, 2021 | A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. | |||
| CVE-2019-15758 | 0.00 | — | 0.01 | Aug 29, 2019 | An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. | |||
| CVE-2019-15759 | 0.00 | — | 0.01 | Aug 29, 2019 | An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. | |||
| CVE-2019-7703 | 0.00 | — | 0.01 | Feb 10, 2019 | In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge. | |||
| CVE-2019-7702 | 0.00 | — | 0.01 | Feb 10, 2019 | A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | |||
| CVE-2019-7701 | 0.00 | — | 0.01 | Feb 10, 2019 | A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js. | |||
| CVE-2019-7700 | 0.00 | — | 0.01 | Feb 10, 2019 | A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge. | |||
| CVE-2019-7704 | 0.00 | — | 0.01 | Feb 10, 2019 | wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt. | |||
| CVE-2019-7662 | 0.00 | — | 0.02 | Feb 9, 2019 | An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file. | |||
| CVE-2019-7151 | 0.00 | — | 0.01 | Jan 29, 2019 | A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. | |||
| CVE-2019-7152 | 0.00 | — | 0.01 | Jan 29, 2019 | A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as… | |||
| CVE-2019-7154 | 0.00 | — | 0.01 | Jan 29, 2019 | The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to… | |||
| CVE-2019-7153 | 0.00 | — | 0.01 | Jan 29, 2019 | A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as… |
- risk 0.57cvss 8.8epss 0.01
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOp…
- risk 0.34cvss 5.3epss 0.00
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is…
- risk 0.34cvss 5.3epss 0.00
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the…
- risk 0.27cvss 5.3epss 0.00
A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host.…
- risk 0.21cvss 3.3epss 0.00
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the…
- risk 0.21cvss 3.3epss 0.00
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit…
- risk 0.21cvss 3.3epss 0.00
A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The…
- risk 0.14cvss 3.3epss 0.00
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached…
- risk 0.14cvss 3.3epss 0.00
A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads…
- CVE-2025-3122Apr 2, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can…
- CVE-2025-2584Mar 21, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer…
- CVE-2025-2368Mar 17, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The…
- CVE-2023-46331Oct 23, 2023risk 0.00cvss —epss 0.00
WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.
- CVE-2023-46332Oct 23, 2023risk 0.00cvss —epss 0.00
WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.
- CVE-2020-18378Aug 22, 2023risk 0.00cvss —epss 0.01
A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.
- CVE-2020-18382Aug 22, 2023risk 0.00cvss —epss 0.01
Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.
- CVE-2023-31670May 23, 2023risk 0.00cvss —epss 0.01
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
- CVE-2023-31669May 23, 2023risk 0.00cvss —epss 0.00
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
- CVE-2023-27115Mar 10, 2023risk 0.00cvss —epss 0.00
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.
- CVE-2023-27116Mar 10, 2023risk 0.00cvss —epss 0.00
WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.
- CVE-2023-27117Mar 10, 2023risk 0.00cvss —epss 0.00
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator.
- CVE-2023-27119Mar 10, 2023risk 0.00cvss —epss 0.00
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
- CVE-2022-43280Oct 28, 2022risk 0.00cvss —epss 0.00
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
- CVE-2022-43282Oct 28, 2022risk 0.00cvss —epss 0.00
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.
- CVE-2022-43283Oct 28, 2022risk 0.00cvss —epss 0.00
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
- CVE-2022-43281Oct 28, 2022risk 0.00cvss —epss 0.00
wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h.
- CVE-2021-46055Jan 7, 2022risk 0.00cvss —epss 0.01
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).
- CVE-2021-46054Jan 7, 2022risk 0.00cvss —epss 0.01
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).
- CVE-2021-46053Jan 7, 2022risk 0.00cvss —epss 0.01
A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.
- CVE-2021-46052Jan 7, 2022risk 0.00cvss —epss 0.01
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.
- CVE-2021-46050Jan 7, 2022risk 0.00cvss —epss 0.01
A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.
- CVE-2021-46048Jan 7, 2022risk 0.00cvss —epss 0.01
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.
- CVE-2021-45293Dec 21, 2021risk 0.00cvss —epss 0.01
A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.
- CVE-2021-45290Dec 21, 2021risk 0.00cvss —epss 0.01
A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.
- CVE-2019-15758Aug 29, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.
- CVE-2019-15759Aug 29, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.
- CVE-2019-7703Feb 10, 2019risk 0.00cvss —epss 0.01
In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.
- CVE-2019-7702Feb 10, 2019risk 0.00cvss —epss 0.01
A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.
- CVE-2019-7701Feb 10, 2019risk 0.00cvss —epss 0.01
A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.
- CVE-2019-7700Feb 10, 2019risk 0.00cvss —epss 0.01
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.
- CVE-2019-7704Feb 10, 2019risk 0.00cvss —epss 0.01
wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.
- CVE-2019-7662Feb 9, 2019risk 0.00cvss —epss 0.02
An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.
- CVE-2019-7151Jan 29, 2019risk 0.00cvss —epss 0.01
A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.
- CVE-2019-7152Jan 29, 2019risk 0.00cvss —epss 0.01
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as…
- CVE-2019-7154Jan 29, 2019risk 0.00cvss —epss 0.01
The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to…
- CVE-2019-7153Jan 29, 2019risk 0.00cvss —epss 0.01
A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as…