CVE-2018-17293

Published: Sep 21, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/WAVM/WAVM/commit/31d670b6489e6d708c3b04b911cdf14ac43d846d

x_refsource_MISC

https://github.com/WAVM/WAVM/issues/110#issuecomment-421764693

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-17293

Description

Affected Products

References