Lucene search

GoogleOSV:CVE-2020-18378

HistoryAug 22, 2023 - 7:15 p.m.

CVE-2020-18378

2023-08-2219:15:55

Google

osv.dev

null pointer dereference

sexpressionwasmbuilder

makeblock

wasm input

segmentation fault

denial-of-service

binaryen 1.38.26

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

27.2%

JSON

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

References

github.com/WebAssembly/binaryen/issues/1900

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

27.2%

JSON

Related for OSV:CVE-2020-18378