2 matches found
CVE-2018-17292
WAVM (WebAssembly VM) with CVE-2018-17292: The loadModule function in Include/Inline/CLI.h does not verify file length before a file magic check, enabling a crafted input under 4 bytes to trigger an out-of-bounds read and cause an application crash (Denial of Service). This is documented across m...
CVE-2018-17293
WAVM (before 2018-09-16) is affected. The run() function in Programs/wavm/wavm.cpp does not verify whether Emscripten memory holds the command-line arguments for the WebAssembly file’s main, allowing a crafted WebAssembly file to trigger a NULL-pointer dereference and crash (denial of service) or...