CVE-2020-18378 — NULL Pointer Dereference in Binaryen

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 66.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webassembly Binaryen Debian Binaryen

Timeline

PublishedAug 22

Description

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/binaryen< binaryen 68-1 (bookworm)

▶Debianwebassembly/binaryen< 68-1+3

▶NVDwebassembly/binaryen1.38.26

🔴Vulnerability Details

OSV

CVE-2020-18378: A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser↗2023-08-22

▶

GHSA

GHSA-vj54-ff4j-gq2v: A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser↗2023-08-22

▶

📋Vendor Advisories

Debian

CVE-2020-18378: binaryen - A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock i...↗2020

▶