CVE-2019-15758

Published: Aug 29, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.

Affected (1)

Products: Webassembly: Binaryen

Webassembly

1 product

Binaryen

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webassembly Binaryen	Before 89

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (4)

https://github.com/WebAssembly/binaryen/issues/2288

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://github.com/WebAssembly/binaryen/pull/2290

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/WebAssembly/binaryen/issues/2288

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://github.com/WebAssembly/binaryen/pull/2290

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.