Memory Management Vulnerability in WAVM Software
CVE-2018-17293

8.8HIGH

Key Information:

Vendor

Webassembly Virtual Machine Project

Status
Webassembly Virtual Machine
Vendor
CVE Published:
21 September 2018

What is CVE-2018-17293?

A vulnerability exists in the WAVM software prior to September 16, 2018, due to improper handling of Emscripten memory during command-line arguments processing in WebAssembly files. Attackers can exploit this flaw to cause denial of service by triggering an application crash through a NULL pointer dereference. This issue emphasizes the need for robust memory management practices in the handling of WebAssembly input.

References

https://github.com/WAVM/WAVM/commit/31d670b6489e6d708c3b0...
x_refsource_MISC
https://github.com/WAVM/WAVM/issues/110#issuecomment-4217...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2018-17293 : Memory Management Vulnerability in WAVM Software