@haruki3hhh
Created November 7, 2024 00:10
Advisory for CVE-2024-25431
> [Discoverer]
> Ziyi Guo, L4Nce, Quhe
> [Description]
> An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and
> fixed in commit 06df58f allows a remote attacker to escalate privileges
> via a crafted file to the check_wasi_abi_compatibility function
>
> ------------------------------------------
>
> [Additional Information]
> The vendor has confirmed it and fixed it.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Evil, Invalid Memory Read
>
> ------------------------------------------
>
> [Vendor of Product]
> bytecodealliance
>
> ------------------------------------------
>
> [Affected Product Code Base]
> wasm-micro-runtime - version before b3f728c: fix in 06df58f
>
> ------------------------------------------
>
> [Affected Component]
> Function `check_wasi_abi_compatibility` in wasm-micro-runtime/core/iwasm/interpreter/wasm_loader.c:4276
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Just a crafted wasm file.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/bytecodealliance/wasm-micro-runtime/issues/3122
> https://github.com/bytecodealliance/wasm-micro-runtime/pull/3126
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------