Vulnerability Details CVE-2020-18378
A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.8%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2020-18378
-
cpe:2.3:a:webassembly:binaryen:1.38.26