An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.
References
Link | Resource |
---|---|
https://github.com/WebAssembly/binaryen/issues/2288 | Exploit Patch Third Party Advisory |
https://github.com/WebAssembly/binaryen/pull/2289 | Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-08-29 02:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-15759
Mitre link : CVE-2019-15759
CVE.ORG link : CVE-2019-15759
JSON object : View
Products Affected
webassembly
- binaryen
CWE
CWE-476
NULL Pointer Dereference