Out-of-Bounds Read Vulnerability in WebAssembly Interpreter v1.0.29
CVE-2022-43282

7.1 HIGH

Key Information:

Status
Vendor
CVE Published: 28 October 2022

What is CVE-2022-43282?

An out-of-bounds read vulnerability was found in wasm-interp v1.0.29, specifically within the OnReturnCallIndirectExpr component. This flaw occurs during the processing of certain expressions, where the system may attempt to read beyond the allocated memory space. Such behavior could lead to unintended information disclosure or instability in the application.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
