Skip to content

Instantly share code, notes, and snippets.

@haruki3hhh
Last active November 8, 2024 18:24
Show Gist options
  • Save haruki3hhh/e468ac3b3234f9bc42a9cc367457119a to your computer and use it in GitHub Desktop.
Save haruki3hhh/e468ac3b3234f9bc42a9cc367457119a to your computer and use it in GitHub Desktop.
Advisory for CVE-2024-27532

Discoverers: Ziyi Guo, quhe, L4Nce

Details:

[Suggested description] wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types.


[VulnerabilityType Other] NULL Pointer Dereference


[Vendor of Product] https://github.com/bytecodealliance/wasm-micro-runtime.git


[Affected Product Code Base] https://github.com/bytecodealliance/wasm-micro-runtime.git 06df58f - bytecodealliance/wasm-micro-runtime#3130


[Affected Component] whole wasm runtime is affected


[Attack Type] Remote


[Impact Denial of Service] true


[Attack Vectors] a crafted wasm file


[Reference] bytecodealliance/wasm-micro-runtime#3130


[Has vendor confirmed or acknowledged the vulnerability?] true


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment