Vulnerabilities > CVE-2023-52284 - Double Free vulnerability in Bytecodealliance Webassembly Micro Runtime

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

bytecodealliance

CWE-415

NVD

Published: 2023-12-31

Updated: 2024-11-21

Summary

Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.

Vulnerable Configurations

Part	Description	Count
Application	Bytecodealliance Bytecodealliance Webassembly Micro Runtime - Bytecodealliance Webassembly Micro Runtime 1.0.0 Bytecodealliance Webassembly Micro Runtime 1.1.0 Bytecodealliance Webassembly Micro Runtime 1.1.1 Bytecodealliance Webassembly Micro Runtime 1.1.2 Bytecodealliance Webassembly Micro Runtime 1.2.0 Bytecodealliance Webassembly Micro Runtime 1.2.1 Bytecodealliance Webassembly Micro Runtime 1.2.2 Bytecodealliance Webassembly Micro Runtime 1.2.3	9

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References