Vulnerabilities > CVE-2020-18378 - NULL Pointer Dereference vulnerability in Webassembly Binaryen 1.38.26

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
webassembly
CWE-476

Summary

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

Vulnerable Configurations

Part Description Count
Application
Webassembly
1

Common Weakness Enumeration (CWE)