Shodan
Vulnerabilities
Vulnerable Software
Webassembly Virtual Machine Project:  >> Webassembly Virtual Machine  >> 2017-05-02  Security Vulnerabilities
CVE-2018-17292
An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-09-21
CVE-2018-17293
An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application crash by NULL pointer dereference) or possibly have unspecified other impact by crafting certain WebAssembly files.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-09-21
CVE-2018-16768
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-09-10
CVE-2018-16769
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-09-10
CVE-2018-16770
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-09-10
CVE-2018-16764
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-09-10
CVE-2018-16765
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-09-10
CVE-2018-16766
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-09-10
CVE-2018-16767
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-09-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved