CVE-2019-15758

CVE-2019-15758 affects Binaryen 1.38.32. The issue is caused by missing validation rules in asmjs/asmangle.cpp, leading to an Assertion Failure in wasm/wasm.cpp (wasm::asmangle). A crafted input can cause denial-of-service, as demonstrated by wasm2js. Connected reports consistently describe the s...

CVE-2019-15759

CVE-2019-15759 affects Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can trigger a NULL pointer dereference in wasm::LocalSet::finalize within wasm/wasm.cpp, leading to segmentation faults and denial-of-service (as demonstrated by wasm2js). Connected sources (NVD, Red Hat, OSV, U...

CVE-2019-7703

In Binaryen 1.38.22, a use-after-free flaw in wasm::WasmBinaryBuilder::visitCall (wasm-binary.cpp) allows remote attackers to trigger denial-of-service by processing a crafted wasm file (as demonstrated by wasm-merge). The CVE description and multiple connected records confirm the affected compon...

CVE-2019-7701

CVE-2019-7701 affects Binaryen 1.38.22: a heap-based buffer over-read in wasm-s-parser.cpp, wasm::SExpressionParser::skipWhitespace(). A crafted wasm input can trigger a segmentation fault and denial-of-service (as demonstrated by wasm2js). Affected component is the S-Expression parser; root caus...

CVE-2019-7702

Technical details about CVE-2019-7702 are not publicly available in the provided connected documents. Monitor for updates; no confirmed affected products, versions, or fixes are disclosed here.

CVE-2019-7153

CVE-2019-7153 describes a NULL pointer dereference in Binaryen 1.38.22, specifically in wasm/wasm-binary.cpp during wasm::WasmBinaryBuilder::processFunctions() when calling wasm::WasmBinaryBuilder::getFunctionIndexName. A crafted input can cause segmentation faults, leading to denial-of-service, ...

CVE-2019-7151

CVE-2019-7151: A NULL pointer dereference in wasm::Module::getFunctionOrNull (Binaryen 1.38.22, wasm/wasm.cpp) can cause a segmentation fault and denial-of-service, as demonstrated by wasm-opt. The vulnerability affects Binaryen’s wasm module handling and is triggered by crafted input. No remedia...

CVE-2019-7152

CVE-2019-7152 affects Binaryen 1.38.22. A heap-based buffer over-read in wasm-binary.cpp (WasmBinaryBuilder::processFunctions, via getFunctionIndexName) can cause segmentation faults and denial-of-service when processing crafted input (e.g., via wasm-opt). The provided documents do not specify a ...

CVE-2019-7700

The CVE-2019-7700 issue involves a heap-based buffer over-read in Binaryen 1.38.22, specifically in wasm::WasmBinaryBuilder::visitCall within wasm-binary.cpp. The vulnerability occurs when processing crafted WASM input, which can trigger a segmentation fault and cause denial-of-service (as demons...

CVE-2019-7704

The CVE concerns Binaryen, specifically wasm-binary.cpp: WasmBinaryBuilder::readUserSection in Binaryen 1.38.22. The issue is an attempt at excessive memory allocation triggered by wasm-merge/wasm-opt, indicating a potential memory exhaustion vulnerability in the WebAssembly toolchain component. ...

CVE-2019-7154

The CVE-2019-7154 issue affects Binaryen 1.38.22, specifically the main function in tools/wasm2js.cpp. The root cause is a heap-based buffer overflow caused by misusing Emscripten, which triggers an error in cashew::JSPrinter::printAst() within emscripten-optimizer/simple_ast.h. A crafted input c...

CVE-2019-7662

CVE-2019-7662 affects Binaryen 1.38.22, where an assertion failure in wasm-binary.cpp::WasmBinaryBuilder::getType() can be triggered by a crafted wasm file, leading to remote denial of service through a crash. The available connected documents confirm the root cause and impact (DoS via crafted wa...