Webassembly Virtual Machine Security Vulnerabilities and Issues — Webassembly Virtual Machine CVE List

Webassembly Virtual Machine ProjectWebassembly Virtual Machine

9 matches found

CVE•added 2018/09/10 4:0 a.m.•47 views

CVE-2018-16769

WAVM (WebAssembly VM) is affected by CVE-2018-16769. A crafted file sent to WAVM may cause a denial of service (application crash) due to mishandling in libRuntime.so!llvm::InstructionCombiningPass::runOnFunction. Documented impact is DoS; other impacts are unspecified. The issue is in WAVM up to...

8.8CVSS8.9AI score0.01269EPSS

CVE•added 2018/09/10 4:0 a.m.•43 views

CVE-2018-16770

CVE-2018-16770 affects WAVM (WebAssembly Virtual Machine) up to 2018-07-26. A crafted file can trigger a denial of service (application crash) due to a failure in a certain new_allocator allocate call. Documented impact is DoS with high severity per CVSS3 (C:H/I:H/A:H) and network exposure. The c...

8.8CVSS8.9AI score0.01269EPSS

CVE•added 2018/09/21 6:0 a.m.•43 views

CVE-2018-17293

WAVM (before 2018-09-16) is affected. The run() function in Programs/wavm/wavm.cpp does not verify whether Emscripten memory holds the command-line arguments for the WebAssembly file’s main, allowing a crafted WebAssembly file to trigger a NULL-pointer dereference and crash (denial of service) or...

8.8CVSS9AI score0.01623EPSS

CVE•added 2018/09/10 4:0 a.m.•42 views

CVE-2018-16766

WAVM (WebAssembly Virtual Machine) is affected by CVE-2018-16766. A crafted file can trigger Errors::unreachable(), potentially causing a denial of service (application crash) or other unspecified impact. The CVSS data (3.0) indicates a network-based, low-attack-vector issue with no privileges re...

8.8CVSS8.9AI score0.01269EPSS

CVE•added 2018/09/21 6:0 a.m.•42 views

CVE-2018-17292

WAVM (WebAssembly VM) with CVE-2018-17292: The loadModule function in Include/Inline/CLI.h does not verify file length before a file magic check, enabling a crafted input under 4 bytes to trigger an out-of-bounds read and cause an application crash (Denial of Service). This is documented across m...

6.5CVSS6.3AI score0.01228EPSS

CVE•added 2018/09/10 4:0 a.m.•41 views

CVE-2018-16768

CVE-2018-16768 affects WAVM (WebAssembly Virtual Machine). A heap-buffer-overflow in IR::FunctionValidationContext::end, triggered by a crafted input file up to 2018-07-26, may cause a denial of service (application crash) and possibly unspecified other impact. The vulnerability is documented acr...

8.8CVSS8.9AI score0.01269EPSS

CVE•added 2018/09/10 4:0 a.m.•37 views

CVE-2018-16764

CVE-2018-16764 affects WAVM (WebAssembly Virtual Machine). A crafted input file can trigger a heap-based buffer over-read in IR::FunctionValidationContext::catch_all, potentially causing a denial of service via application crash and possibly other impact. Affected versions are WAVM up to 2018-07-...

8.8CVSS9AI score0.01269EPSS

CVE•added 2018/09/10 4:0 a.m.•37 views

CVE-2018-16767

CVE-2018-16767 affects WAVM (WebAssembly Virtual Machine). A crafted file sent to WAVM may trigger a heap-buffer-overflow in FunctionValidationContext::popAndValidateOperand, causing denial of service (application crash) and possibly other impact for WAVM versions up to and including 2018-07-26. ...

8.8CVSS8.9AI score0.01269EPSS

CVE•added 2018/09/10 4:0 a.m.•36 views

CVE-2018-16765

CVE-2018-16765 affects WAVM (WebAssembly Virtual Machine); a crafted file may trigger a heap-buffer-overflow in FunctionValidationContext::else_, leading to a denial of service (application crash) and possibly unspecified impact. Affected are WAVM versions up to 2018-07-26. Documented in multiple...

8.8CVSS8.9AI score0.01269EPSS