Created
November 8, 2024 18:49
-
-
Save haruki3hhh/8b9e1922083abef33a9024017eb2b9fe to your computer and use it in GitHub Desktop.
Advisory for CVE-2024-35419
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Discoverers: Ziyi Guo | |
| # Details: | |
| > [Suggested description] | |
| > wac commit 385e1 was discovered to contain a heap overflow via the | |
| > load_module function at /wac-asan/wa.c. This vulnerability allows | |
| > attackers to cause a Denial of Service (DoS) via a crafted wasm file. | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vulnerability Type] | |
| > Buffer Overflow | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vendor of Product] | |
| > https://github.com/kanaka/wac | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Affected Product Code Base] | |
| > https://github.com/kanaka/wac - 385e13c | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Affected Component] | |
| > wace | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Attack Type] | |
| > Remote | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Code execution] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Denial of Service] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Attack Vectors] | |
| > a crafted wasm file | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Reference] | |
| > https://github.com/kanaka/wac/issues/18 | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Discoverer] | |
| > Ziyi Guo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment