Heap-Based Buffer Overflow in Wasm3 by Wasm3
CVE-2022-28966

5.5MEDIUM

Key Information:

Vendor: Wasm3 Project
Status: Wasm3
Vendor: CVE Published:; 16 April 2022

🔔 Create Wasm3 Project Vulnerability Alert

What is CVE-2022-28966?

Wasm3 0.5.0 is affected by a heap-based buffer overflow vulnerability located in the NewCodePage function within m3_code.c. This vulnerability is indirectly invoked from the Compile_BranchTable function in m3_compile.c, allowing for potential exploitation that may lead to unauthorized access or execution of arbitrary code.

References

https://github.com/wasm3/wasm3/issues/320

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2022
Vulnerability Reserved
Apr 11, 2022

JSON