Skip to content

Instantly share code, notes, and snippets.

View haruki3hhh's full-sized avatar
🏠
Working from home

haruki3hhh

🏠
Working from home
View GitHub Profile
@haruki3hhh
haruki3hhh / report.md
Created November 8, 2024 19:01
Advisory for CVE-2024-35427

Discoverer: Ziyi Guo

Details:

[Suggested description] vmir e8117 was discovered to contain a segmentation violation via the export_function function at /src/vmir_wasm_parser.c.

[VulnerabilityType Other] invalid memory read

@haruki3hhh
haruki3hhh / report.md
Created November 8, 2024 19:00
Advisory for CVE-2024-35426

Discoverer: Ziyi Guo

Details:

[Suggested description] vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c.

[Vulnerability Type] Buffer Overflow

@haruki3hhh
haruki3hhh / report.md
Created November 8, 2024 18:58
Advisory for CVE-2024-35425

Discoverer: Ziyi Guo

Details:

[Suggested description] vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c.

[VulnerabilityType Other] invalid memory access

@haruki3hhh
haruki3hhh / report.md
Created November 8, 2024 18:57
Advisory for CVE-2024-35424

Discoverer: Ziyi Guo

Details:

[Suggested description] vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c.

[VulnerabilityType Other] Invalid memory read

@haruki3hhh
haruki3hhh / report.md
Created November 8, 2024 18:56
Advisory for CVE-2024-35423

Discoverer: Ziyi Guo

Details:

[Suggested description] vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c.

[VulnerabilityType Other] null pointer deref

@haruki3hhh
haruki3hhh / report.md
Created November 8, 2024 18:55
Advisory for CVE-2024-35422

Discoverer: Ziyi Guo

Details:

[Suggested description] vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c.

[Vulnerability Type] Buffer Overflow

@haruki3hhh
haruki3hhh / report.md
Created November 8, 2024 18:53
Advisory for CVE-2024-35421

Discoverers: Ziyi Guo

Details:

[Suggested description] vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /src/vmir_wasm_parser.c.

[VulnerabilityType Other] Null Pointer Deref

@haruki3hhh
haruki3hhh / report.md
Created November 8, 2024 18:51
Advisory for CVE-2024-35420

Discoverers: Ziyi Guo

Details:

[Suggested description] wac commit 385e1 was discovered to contain a heap overflow.

[VulnerabilityType Other] DoS >

@haruki3hhh
haruki3hhh / gist:8b9e1922083abef33a9024017eb2b9fe
Created November 8, 2024 18:49
Advisory for CVE-2024-35419
# Discoverers: Ziyi Guo
# Details:
> [Suggested description]
> wac commit 385e1 was discovered to contain a heap overflow via the
> load_module function at /wac-asan/wa.c. This vulnerability allows
> attackers to cause a Denial of Service (DoS) via a crafted wasm file.
>
> ------------------------------------------
>
> [Vulnerability Type]
@haruki3hhh
haruki3hhh / report.md
Created November 8, 2024 18:48
Advisory for CVE-2024-35418

Discoverers: Ziyi Guo

Details:

[Suggested description] wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file.

[Vulnerability Type]