Skip to content

Instantly share code, notes, and snippets.

@haruki3hhh
Created November 8, 2024 18:11
Show Gist options
  • Save haruki3hhh/baa757c4af4fefb410d9c74d7a68152e to your computer and use it in GitHub Desktop.
Save haruki3hhh/baa757c4af4fefb410d9c74d7a68152e to your computer and use it in GitHub Desktop.
Advisory for CVE-2024-27528

Discoverers: Ziyi Guo, quhe, L4Nce

Details

[Suggested description] wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution.


[VulnerabilityType Other] Evil/invlid memory dereference


[Vendor of Product] https://github.com/wasm3/wasm3.git


[Affected Product Code Base] https://github.com/wasm3/wasm3.git, version 139076a - wasm3/wasm3#463


[Affected Component] attackers can launch attack both remote and local.


[Attack Type] Remote


[Impact Code execution] true


[Impact Denial of Service] true


[Attack Vectors] a crafted wasm file


[Reference] wasm3/wasm3#463


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment