
2106 matches found

OSV
added 2022/01/10 2:11 p.m. | 2 views

UBUNTU-CVE-2021-46048

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions...

CVSS 5.5 | AI score 5.8 | EPSS 0.007
Exploits: 1 | References: 3

CNNVD
added 2022/01/10 12:0 a.m. | 6 views

Binaryen Security Vulnerability

Binaryen 104 is a compiler infrastructure and toolchain library for WebAssembly written in C. A denial of service vulnerability exists in Binaryen 104, which stems from an assertion abort in the software wasm::WasmBinaryBuilder::visitRethrowwasm::Rethrow, which can be exploited by an attacker t...

CVSS 5.5 | AI score 5.7 | EPSS 0.00703
Exploits: 1 | References: 1

CNNVD
added 2022/01/01 12:0 a.m. | 4 views

Wasm Buffer Error Vulnerability

wasm3 is the fastest WebAssembly interpreter, as well as the most versatile runtime. A security vulnerability exists in Wasm3 0.5.0 that stems from an out-of-bounds write called from EvaluateExpression and InitDataSegments in the runtime version...

CVSS 5.5 | AI score 5.8 | EPSS 0.00667
Exploits: 1 | References: 2

CNVD
added 2021/12/22 12:0 a.m. | 15 views

Binaryen Denial of Service Vulnerability (CNVD-2022-06888)

Binaryen is a compiler and toolchain infrastructure library for WebAssembly written in C. A denial of service vulnerability exists in Binaryen 103, which stems from an invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet, and could be exploited by an attacker to cause a denial ...

CVSS 5.5 | AI score 3.7 | EPSS 0.0078
Exploits: 1 | References: 1

CNVD
added 2021/12/22 12:0 a.m. | 22 views

Binaryen Denial of Service Vulnerability (CNVD-2022-06889)

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C. A denial of service vulnerability exists in Binaryen 103, which stems from an assertion failure in wasm::handleunreachable and can be exploited by an attacker to cause a denial of service...

CVSS 7.5 | AI score 3.3 | EPSS 0.01465
Exploits: 1 | References: 1

CNNVD
added 2021/12/21 12:0 a.m. | 2 views

Binaryen Code Issue Vulnerability

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C. A denial of service vulnerability exists in Binaryen 103, which stems from an assertion failure in wasm::handleunreachable and can be exploited by an attacker to cause a denial of service...

CVSS 7.5 | AI score 5.6 | EPSS 0.01465
Exploits: 1 | References: 5

CNNVD
added 2021/12/21 12:0 a.m. | 3 views

Binaryen Buffer Error Vulnerability

Binaryen is a compiler and toolchain infrastructure library for WebAssembly written in C. A denial of service vulnerability exists in Binaryen 103, which stems from an invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet, and could be exploited by an attacker to cause a denial ...

CVSS 5.5 | AI score 5.6 | EPSS 0.0078
Exploits: 1 | References: 5

RedHat Linux
added 2021/12/09 12:43 p.m. | 5 views

Mozilla: GC rooting failure when calling wasm instance methods

The Mozilla Foundation Security Advisory describes this flaw as: Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitab...

CVSS 8.8 | AI score 7.3 | EPSS 0.0162
Exploits: 0 | References: 4

RedHat Linux
added 2021/12/09 12:41 p.m. | 2 views

Mozilla: GC rooting failure when calling wasm instance methods

The Mozilla Foundation Security Advisory describes this flaw as: Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitab...

CVSS 8.8 | AI score 7.3 | EPSS 0.0162
Exploits: 0 | References: 4

RedHat Linux
added 2021/12/09 12:40 p.m. | 4 views

Mozilla: GC rooting failure when calling wasm instance methods

The Mozilla Foundation Security Advisory describes this flaw as: Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitab...

CVSS 8.8 | AI score 7.3 | EPSS 0.0162
Exploits: 0 | References: 4

OSV
added 2021/12/08 10:15 p.m. | 1 views

DEBIAN-CVE-2021-43539

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird 91.4.0, Firefox...

CVSS 8.8 | AI score 8.1 | EPSS 0.0162
Exploits: 0 | References: 1

OSV
added 2021/12/08 12:0 a.m. | 7 views

UBUNTU-CVE-2021-43539

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird 91.4.0, Firefox...

CVSS 8.8 | AI score 7.3 | EPSS 0.0162
Exploits: 0 | References: 8

The Hacker News
added 2021/12/07 4:48 a.m. | 17 views

Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code

Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed "RLBox" and implemented in collaboration with researchers at the...

AI score 1.3
Exploits: 0

CNVD
added 2021/12/01 12:0 a.m. | 13 views

Lucet Resource Management Error Vulnerability

Lucet is an open source, native WebAssembly compiler and runtime from the Bytecode Alliance organization. Lucet has a resource management error vulnerability that stems from the presence of post-release usage in Lucet's Instance object, which can be exploited by attackers to cause memory...

CVSS 8.5 | AI score 4 | EPSS 0.01566
Exploits: 1 | References: 1

NVD
added 2021/11/30 12:15 a.m. | 10 views

CVE-2021-43790

Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of lucet-runtime affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduc...

CVSS 8.5 | EPSS 0.01566
Exploits: 1 | References: 3

CNNVD
added 2021/11/30 12:0 a.m. | 4 views

Lucet Resource Management Error Vulnerability

Lucet is an open source, native WebAssembly compiler and runtime from the Bytecode Alliance organization. Lucet has a resource management error vulnerability that stems from the presence of post-release usage in Lucet's Instance object, which can be exploited by attackers to cause memory...

CVSS 8.5 | AI score 5.6 | EPSS 0.01566
Exploits: 1 | References: 4

Cvelist
added 2021/11/29 11:55 p.m. | 14 views

CVE-2021-43790 Use After Free in lucet

Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of lucet-runtime affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduc...

CVSS 8.5 | AI score 8.6 | EPSS 0.01566
Exploits: 1 | References: 3

CVE
added 2021/11/29 11:55 p.m. | 57 views

CVE-2021-43790

Lucet (lucet-runtime) has a Use-After-Free in the Instance object caused by a race during destruction when the memory backing the Instance is released back to the pool before other fields are dropped. This affects main branch implementations and all releases published to crates.io, and leads to m...

CVSS 8.5 | AI score 8 | EPSS 0.01566
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2021/11/02 11:15 p.m. | 1 views

CVE-2018-6122

Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 5.8 | EPSS 0.00717
Exploits: 0 | References: 1

NVD
added 2021/11/02 11:15 p.m. | 15 views

CVE-2018-6122

Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | EPSS 0.00717
Exploits: 0 | References: 1