Binaryen Security Vulnerabilities and Issues — Binaryen CVE List

Lucene search

WebassemblyBinaryen

6 matches found

CVE•added 2019/02/10 10:29 p.m.•50 views

CVE-2019-7703

In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.

6.5CVSS6.3AI score0.00494EPSS

CVE•added 2019/02/10 10:29 p.m.•48 views

CVE-2019-7702

A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

6.5CVSS6.3AI score0.00312EPSS

CVE•added 2019/02/10 10:29 p.m.•42 views

CVE-2019-7701

A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.

6.5CVSS6.4AI score0.00311EPSS

CVE•added 2019/02/10 10:29 p.m.•41 views

CVE-2019-7700

A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.

6.5CVSS6.4AI score0.00308EPSS

CVE•added 2019/02/09 4:29 p.m.•40 views

CVE-2019-7662

An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.

7.1CVSS6.2AI score0.004EPSS

CVE•added 2019/02/10 10:29 p.m.•40 views

CVE-2019-7704

wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.

6.5CVSS6.4AI score0.00311EPSS