45 matches found
CVE-2018-16765
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service application crash or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else...
CVE-2018-16764
CVE-2018-16764 affects WAVM (WebAssembly Virtual Machine). A crafted input file can trigger a heap-based buffer over-read in IR::FunctionValidationContext::catch_all, potentially causing a denial of service via application crash and possibly other impact. Affected versions are WAVM up to 2018-07-...
CVE-2018-16770
CVE-2018-16770 affects WAVM (WebAssembly Virtual Machine) up to 2018-07-26. A crafted file can trigger a denial of service (application crash) due to a failure in a certain new_allocator allocate call. Documented impact is DoS with high severity per CVSS3 (C:H/I:H/A:H) and network exposure. The c...
WAVM Denial of Service Vulnerability (CNVD-2019-09772)
WAVM is the WebAssembly Virtual Machine. A denial-of-service vulnerability exists in WAVM 2018-07-26 and earlier versions, which stems from a failure of a certain newallocator allocation call and can be exploited by an attacker to cause a denial of service application crash by sending a specially...
Block.one: [FG-VD-18-101] Buffer Overflow Vulnerability in EOS's WAVM Library and also in latest WAVM Library Parent Repository
Hello Block.One / EOS Product Security Team, Good Afternoon. There exists a Memory Corruption vulnerability in the latest WAVM Library and also in the EOS code for WAVM Library. The PoC.wast file is attached along with this report. Reproduction Steps: - 1 Fetch latest WAVM library from the WAVM...