Vulnerabilities > CVE-2019-7702 - NULL Pointer Dereference vulnerability in Webassembly Binaryen

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

webassembly

CWE-476

NVD

Published: 2019-02-10

Updated: 2019-02-11

Summary

A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

Vulnerable Configurations

Part	Description	Count
Application	Webassembly Webassembly Binaryen 1 Webassembly Binaryen 1.38.22 Webassembly Binaryen 2 Webassembly Binaryen 3 Webassembly Binaryen 4 Webassembly Binaryen 5 Webassembly Binaryen 6 Webassembly Binaryen 7 Webassembly Binaryen 8 Webassembly Binaryen 9 Webassembly Binaryen 10 Webassembly Binaryen 11 Webassembly Binaryen 12 Webassembly Binaryen 13 Webassembly Binaryen 14 Webassembly Binaryen 15 Webassembly Binaryen 16 Webassembly Binaryen 17 Webassembly Binaryen 18 Webassembly Binaryen 19 Webassembly Binaryen 20 Webassembly Binaryen 21 Webassembly Binaryen 22 Webassembly Binaryen 23 Webassembly Binaryen 24 Webassembly Binaryen 25 Webassembly Binaryen 26 Webassembly Binaryen 27 Webassembly Binaryen 28 Webassembly Binaryen 29 Webassembly Binaryen 30 Webassembly Binaryen 31 Webassembly Binaryen 32 Webassembly Binaryen 33 Webassembly Binaryen 34 Webassembly Binaryen 35 Webassembly Binaryen 36 Webassembly Binaryen 37 Webassembly Binaryen 38 Webassembly Binaryen 39 Webassembly Binaryen 40 Webassembly Binaryen 41 Webassembly Binaryen 42 Webassembly Binaryen 43 Webassembly Binaryen 44 Webassembly Binaryen 45 Webassembly Binaryen 46 Webassembly Binaryen 47 Webassembly Binaryen 48 Webassembly Binaryen 49 Webassembly Binaryen 50 Webassembly Binaryen 51 Webassembly Binaryen 52 Webassembly Binaryen 53 Webassembly Binaryen 54 Webassembly Binaryen 55 Webassembly Binaryen 56 Webassembly Binaryen 57 Webassembly Binaryen 58 Webassembly Binaryen 59 Webassembly Binaryen 60 Webassembly Binaryen 61 Webassembly Binaryen 62 Webassembly Binaryen 63	64

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/WebAssembly/binaryen/issues/1867