CVE-2020-18378 - OpenCVE

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Webassembly	Binaryen

Configuration 1 [-]

cpe:2.3:a:webassembly:binaryen:1.38.26:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/WebAssembly/binaryen/issues/1900	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-22T00:00:00

Updated: 2023-08-22T15:45:45.912567

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-18378

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-22T19:15:55.143

Modified: 2023-08-25T20:22:49.520

Link: CVE-2020-18378

JSON object: View

Redhat Information

No data.

CWE

CWE-476