Vulnerabilities > CVE-2019-15759 - NULL Pointer Dereference vulnerability in Webassembly Binaryen

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

webassembly

CWE-476

NVD

Published: 2019-08-29

Updated: 2020-06-08

Summary

An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.

Vulnerable Configurations

Part	Description	Count
Application	Webassembly Webassembly Binaryen 1 Webassembly Binaryen 1.36.2 Webassembly Binaryen 1.36.3 Webassembly Binaryen 1.36.4 Webassembly Binaryen 1.36.5 Webassembly Binaryen 1.36.6 Webassembly Binaryen 1.36.7 Webassembly Binaryen 1.36.8 Webassembly Binaryen 1.36.9 Webassembly Binaryen 1.36.10 Webassembly Binaryen 1.36.11 Webassembly Binaryen 1.36.12 Webassembly Binaryen 1.36.13 Webassembly Binaryen 1.36.14 Webassembly Binaryen 1.37.0 Webassembly Binaryen 1.37.1 Webassembly Binaryen 1.37.2 Webassembly Binaryen 1.37.3 Webassembly Binaryen 1.37.4 Webassembly Binaryen 1.37.5 Webassembly Binaryen 1.37.6 Webassembly Binaryen 1.37.7 Webassembly Binaryen 1.37.8 Webassembly Binaryen 1.37.9 Webassembly Binaryen 1.37.10 Webassembly Binaryen 1.37.11 Webassembly Binaryen 1.37.12 Webassembly Binaryen 1.37.13 Webassembly Binaryen 1.37.14 Webassembly Binaryen 1.37.15 Webassembly Binaryen 1.37.16 Webassembly Binaryen 1.37.17 Webassembly Binaryen 1.37.18 Webassembly Binaryen 1.37.19 Webassembly Binaryen 1.37.20 Webassembly Binaryen 1.37.21 Webassembly Binaryen 1.37.22 Webassembly Binaryen 1.37.23 Webassembly Binaryen 1.37.24 Webassembly Binaryen 1.37.25 Webassembly Binaryen 1.37.26 Webassembly Binaryen 1.37.27 Webassembly Binaryen 1.37.28 Webassembly Binaryen 1.37.29 Webassembly Binaryen 1.37.30 Webassembly Binaryen 1.37.31 Webassembly Binaryen 1.37.32 Webassembly Binaryen 1.37.33 Webassembly Binaryen 1.37.34 Webassembly Binaryen 1.37.35 Webassembly Binaryen 1.37.36 Webassembly Binaryen 1.37.37 Webassembly Binaryen 1.37.38 Webassembly Binaryen 1.37.39 Webassembly Binaryen 1.37.40 Webassembly Binaryen 1.38.0 Webassembly Binaryen 1.38.1 Webassembly Binaryen 1.38.2 Webassembly Binaryen 1.38.3 Webassembly Binaryen 1.38.4 Webassembly Binaryen 1.38.5 Webassembly Binaryen 1.38.6 Webassembly Binaryen 1.38.7 Webassembly Binaryen 1.38.8 Webassembly Binaryen 1.38.9 Webassembly Binaryen 1.38.10 Webassembly Binaryen 1.38.11 Webassembly Binaryen 1.38.12 Webassembly Binaryen 1.38.13 Webassembly Binaryen 1.38.14 Webassembly Binaryen 1.38.15 Webassembly Binaryen 1.38.16 Webassembly Binaryen 1.38.17 Webassembly Binaryen 1.38.18 Webassembly Binaryen 1.38.19 Webassembly Binaryen 1.38.20 Webassembly Binaryen 1.38.21 Webassembly Binaryen 1.38.22 Webassembly Binaryen 1.38.23 Webassembly Binaryen 1.38.24 Webassembly Binaryen 1.38.25 Webassembly Binaryen 1.38.26 Webassembly Binaryen 1.38.27 Webassembly Binaryen 1.38.28 Webassembly Binaryen 1.38.29 Webassembly Binaryen 1.38.30 Webassembly Binaryen 1.38.31 Webassembly Binaryen 1.38.32 Webassembly Binaryen 1.38.47 Webassembly Binaryen 1.38.48 Webassembly Binaryen 1.39.1 Webassembly Binaryen 2 Webassembly Binaryen 3 Webassembly Binaryen 4 Webassembly Binaryen 5 Webassembly Binaryen 6 Webassembly Binaryen 7 Webassembly Binaryen 8 Webassembly Binaryen 9 Webassembly Binaryen 10 Webassembly Binaryen 11 Webassembly Binaryen 12 Webassembly Binaryen 13 Webassembly Binaryen 14 Webassembly Binaryen 15 Webassembly Binaryen 16 Webassembly Binaryen 17 Webassembly Binaryen 18 Webassembly Binaryen 19 Webassembly Binaryen 20 Webassembly Binaryen 21 Webassembly Binaryen 22 Webassembly Binaryen 23 Webassembly Binaryen 24 Webassembly Binaryen 25 Webassembly Binaryen 26 Webassembly Binaryen 27 Webassembly Binaryen 28 Webassembly Binaryen 29 Webassembly Binaryen 30 Webassembly Binaryen 31 Webassembly Binaryen 32 Webassembly Binaryen 33 Webassembly Binaryen 34 Webassembly Binaryen 35 Webassembly Binaryen 36 Webassembly Binaryen 37 Webassembly Binaryen 38 Webassembly Binaryen 39 Webassembly Binaryen 40 Webassembly Binaryen 41 Webassembly Binaryen 42 Webassembly Binaryen 43 Webassembly Binaryen 44 Webassembly Binaryen 45 Webassembly Binaryen 46 Webassembly Binaryen 47 Webassembly Binaryen 48 Webassembly Binaryen 49 Webassembly Binaryen 50 Webassembly Binaryen 51 Webassembly Binaryen 52 Webassembly Binaryen 53 Webassembly Binaryen 54 Webassembly Binaryen 55 Webassembly Binaryen 56 Webassembly Binaryen 57 Webassembly Binaryen 58 Webassembly Binaryen 59 Webassembly Binaryen 60 Webassembly Binaryen 61 Webassembly Binaryen 62 Webassembly Binaryen 63 Webassembly Binaryen 64 Webassembly Binaryen 65 Webassembly Binaryen 66 Webassembly Binaryen 67 Webassembly Binaryen 68 Webassembly Binaryen 69 Webassembly Binaryen 70 Webassembly Binaryen 71 Webassembly Binaryen 72 Webassembly Binaryen 73 Webassembly Binaryen 74 Webassembly Binaryen 75 Webassembly Binaryen 76 Webassembly Binaryen 77 Webassembly Binaryen 78 Webassembly Binaryen 79 Webassembly Binaryen 80 Webassembly Binaryen 81 Webassembly Binaryen 82 Webassembly Binaryen 83 Webassembly Binaryen 84 Webassembly Binaryen 85 Webassembly Binaryen 86 Webassembly Binaryen 87 Webassembly Binaryen 88	178

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References