Binaryen

binaryen

Vendor: Webassembly • 25 CVEs

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-8257 1Webassembly 1Binaryen May 21, 2026 May 11, 2026 1.9 LOW· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results...Show more A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.Show less
CVE-2025-14957 1Webassembly 1Binaryen Apr 29, 2026 Dec 19, 2025 1.9 LOW· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the componen...Show more A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue.Show less
CVE-2025-14956 1Webassembly 1Binaryen Apr 29, 2026 Dec 19, 2025 1.9 LOW· v4 7.1 HIGH· v3 4.3 MEDIUM· v2 A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overf...Show more A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.Show less
CVE-2020-18382 1Webassembly 1Binaryen Nov 21, 2024 Aug 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrat...Show more Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.Show less
CVE-2020-18378 1Webassembly 1Binaryen Nov 21, 2024 Aug 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrat...Show more A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.Show less
CVE-2021-46055 1Webassembly 1Binaryen Nov 21, 2024 Jan 10, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).
CVE-2021-46054 1Webassembly 1Binaryen Nov 21, 2024 Jan 10, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).
CVE-2021-46053 1Webassembly 1Binaryen Nov 21, 2024 Jan 10, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.
CVE-2021-46052 1Webassembly 1Binaryen Nov 21, 2024 Jan 10, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.
CVE-2021-46050 1Webassembly 1Binaryen Nov 21, 2024 Jan 10, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.
CVE-2021-46048 1Webassembly 1Binaryen Nov 21, 2024 Jan 10, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.
CVE-2021-45293 2Fedoraproject Webassembly 2Binaryen Fedora Nov 21, 2024 Dec 21, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.
CVE-2021-45290 2Fedoraproject Webassembly 2Binaryen Fedora Nov 21, 2024 Dec 21, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.
CVE-2019-15759 1Webassembly 1Binaryen Nov 21, 2024 Aug 29, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults...Show more An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.Show less
CVE-2019-15758 1Webassembly 1Binaryen Nov 21, 2024 Aug 29, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrate...Show more An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.Show less
CVE-2019-7704 1Webassembly 1Binaryen Nov 21, 2024 Feb 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.
CVE-2019-7703 1Webassembly 1Binaryen Nov 21, 2024 Feb 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonst...Show more In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.Show less
CVE-2019-7702 1Webassembly 1Binaryen Nov 21, 2024 Feb 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as d...Show more A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.Show less
CVE-2019-7701 1Webassembly 1Binaryen Nov 21, 2024 Feb 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as de...Show more A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.Show less
CVE-2019-7700 1Webassembly 1Binaryen Nov 21, 2024 Feb 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrate...Show more A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.Show less

12 Next