Skip to content

Instantly share code, notes, and snippets.

@haruki3hhh

haruki3hhh/report.md

Last active November 8, 2024 18:22
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save haruki3hhh/94dd274487b58e037bcc8839dc88b203 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save haruki3hhh/94dd274487b58e037bcc8839dc88b203 to your computer and use it in GitHub Desktop.
Download ZIP
Advisory for CVE-2024-27530
Raw
report.md

Discoverers: Ziyi Guo, quhe, L4Nce

Details:

[Suggested description] wasm3 139076a contains a Use-After-Free in ForEachModule.

[VulnerabilityType Other] Use-After-Free

[Vendor of Product] https://github.com/wasm3/wasm3.git 139076a

[Affected Product Code Base] https://github.com/wasm3/wasm3.git - wasm3/wasm3#464

[Affected Component] attacker can use this UAF both local or remot. Whole wasm runtime is affected.

[Attack Type] Remote

[Impact Code execution] true

[Impact Denial of Service] true

[Attack Vectors] a crafted wasm file.

[Reference] wasm3/wasm3#458

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment