SUSE CVE-2018-5093

A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox 58...

SUSE CVE-2018-5094

A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox 58...

SUSE CVE-2018-6061

A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2018-6087

A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

SUSE CVE-2018-6092

An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

SUSE CVE-2018-6116

A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...

SUSE CVE-2018-6122

Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2018-6131

Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2018-17458

An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

SUSE CVE-2020-15681

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox 82...

SUSE CVE-2020-16015

Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2021-23970

Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox 86...

SUSE CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

SUSE CVE-2022-31740

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

SUSE CVE-2022-34502

Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consumeencodednamenew at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted binary file...

This Week in Spring - January 17th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I went to Helsinki, Finland, last week, and this week Im in Atlanta, Georgia, to speak at the Atlanta Java User Group. And, of course, next week, Ill be in New York to join a viewing party for the airing of SpringOne...

MGASA-2022-0487 Updated python-ujson packages fix security vulnerability

Fixes len integer overflow issue. RHBZ2149975 Ultrajson doesn't build on webassembly e.g. pyodide because the version of double-conversion used is too old. This updates it to a newer version which supports webassembly...

Updated python-ujson packages fix security vulnerability

Fixes len integer overflow issue. RHBZ2149975 Ultrajson doesn't build on webassembly e.g. pyodide because the version of double-conversion used is too old. This updates it to a newer version which supports webassembly...

PT-2022-37586 · Ultrajson · Ultrajson

Name of the Vulnerable Software and Affected Versions: ultrajson affected versions not specified Description: The issue concerns an integer overflow related to the len function. Additionally, there was a problem with ultrajson building on webassembly e.g., pyodide due to an outdated version of...

DEBIAN-CVE-2022-31740

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...