Heap-based Buffer Overflow Vulnerability in Wasm3 by Google
CVE-2021-38592

7.5HIGH

Key Information:

Vendor

Wasm3 Project

Status
Wasm3
Vendor
CVE Published:
12 August 2021

What is CVE-2021-38592?

In Wasm3 version 0.5.0, there is a vulnerability characterized by a heap-based buffer overflow that occurs within the op_Const64 function. This function is invoked during the evaluation of expressions and when loading modules, which can lead to potential code execution or manipulation of memory. Exploiting this vulnerability can affect the integrity of the application and may allow an attacker to execute arbitrary code.

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33554
x_refsource_MISC
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.