Skip to content

Instantly share code, notes, and snippets.

@haruki3hhh

haruki3hhh/report.md

Created November 8, 2024 19:00
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save haruki3hhh/9d2a5a139a8b72517009953d0ba7338c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save haruki3hhh/9d2a5a139a8b72517009953d0ba7338c to your computer and use it in GitHub Desktop.
Download ZIP
Advisory for CVE-2024-35426
Raw
report.md

Discoverer: Ziyi Guo

Details:

[Suggested description] vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c.

[Vulnerability Type] Buffer Overflow

[Vendor of Product] https://github.com/andoma/vmir

[Affected Product Code Base] https://github.com/andoma/vmir - e81176b

[Affected Component] vmir

[Attack Type] Remote

[Impact Code execution] true

[Impact Denial of Service] true

[Attack Vectors] a crafted wasm file

[Reference] andoma/vmir#24

[Discoverer] Ziyi Guo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment