WebAssembly Security Vulnerabilities

CVE-2019-15758

An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2019-08-29 02:15 AM

CVE-2019-15759

An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2019-08-29 02:15 AM

CVE-2019-7151

A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2019-01-29 12:29 AM

CVE-2019-7152

A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-01-29 12:29 AM

CVE-2019-7153

A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2019-01-29 12:29 AM

CVE-2019-7154

The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demon...

6.5 CVSS

6.6 AI Score

0.001 EPSS

2019-01-29 12:29 AM

CVE-2019-7662

An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.

6.5 CVSS

6.2 AI Score

0.002 EPSS

2019-02-09 04:29 PM

CVE-2019-7700

A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.

6.5 CVSS

6.4 AI Score

0.001 EPSS

2019-02-10 10:29 PM

CVE-2019-7701

A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.

6.5 CVSS

6.4 AI Score

0.001 EPSS

2019-02-10 10:29 PM

CVE-2019-7702

A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2019-02-10 10:29 PM

CVE-2019-7703

In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.

6.5 CVSS

6.3 AI Score

0.002 EPSS

2019-02-10 10:29 PM

CVE-2019-7704

wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.

6.5 CVSS

6.4 AI Score

0.001 EPSS

2019-02-10 10:29 PM

CVE-2020-18378

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2023-08-22 07:15 PM

CVE-2020-18382

Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2023-08-22 07:15 PM

CVE-2021-45290

A Denial of Service vulnerability exists in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.

7.5 CVSS

7.3 AI Score

0.002 EPSS

2021-12-21 06:15 PM

CVE-2021-45293

A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.

5.5 CVSS

5.5 AI Score

0.001 EPSS

2021-12-21 06:15 PM

CVE-2021-46048

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.

5.5 CVSS

5.2 AI Score

0.001 EPSS

2022-01-10 02:11 PM

CVE-2021-46050

A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.

5.5 CVSS

5.3 AI Score

0.001 EPSS

2022-01-10 02:11 PM

CVE-2021-46052

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.

5.5 CVSS

5.2 AI Score

0.001 EPSS

2022-01-10 02:11 PM

CVE-2021-46053

A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.

5.5 CVSS

5.3 AI Score

0.001 EPSS

2022-01-10 02:11 PM

CVE-2021-46054

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

5.5 CVSS

5.2 AI Score

0.001 EPSS

2022-01-10 02:11 PM

CVE-2021-46055

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

5.5 CVSS

5.2 AI Score

0.001 EPSS

2022-01-10 02:11 PM

CVE-2022-43280

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.

7.1 CVSS

6.8 AI Score

0.001 EPSS

2022-10-28 09:15 PM

CVE-2022-43281

wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type> >::size() at /bits/stl_vector.h.

7.8 CVSS

7.7 AI Score

0.001 EPSS

2022-10-28 09:15 PM

CVE-2022-43282

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.

7.1 CVSS

6.8 AI Score

0.001 EPSS

2022-10-28 09:15 PM

CVE-2022-43283

wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.

5.5 CVSS

5.4 AI Score

0.001 EPSS

2022-10-28 09:15 PM

CVE-2023-27115

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.

5.5 CVSS

5.5 AI Score

0.001 EPSS

2023-03-10 02:15 AM

CVE-2023-27116

WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType.

5.5 CVSS

5.3 AI Score

0.001 EPSS

2023-03-10 02:15 AM

CVE-2023-27117

WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator.

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-10 02:15 AM

CVE-2023-27119

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.

5.5 CVSS

5.5 AI Score

0.0005 EPSS

2023-03-10 02:15 AM

CVE-2023-31669

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").

5.5 CVSS

5.3 AI Score

0.001 EPSS

2023-05-23 12:15 PM

CVE-2023-31670

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-05-23 01:15 AM

CVE-2023-46331

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in DataSegment::IsValidRange(), which leads to a segmentation fault.

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2023-10-23 05:15 PM

CVE-2023-46332

WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which leads to a segmentation fault.

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2023-10-23 04:15 PM