CVE-2024-34250Heap-based Buffer Overflow in Webassembly Micro Runtime

CWE-122Heap-based Buffer Overflow6 documents5 sources
Severity
6.2MEDIUMNVD
OSV6.5
EPSS
0.1%
top 69.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
NetdataBytecodealliance Webassembly Micro RuntimeMsrc Azl3 Fluent-bit 3.0.6-1 ON Azure Linux 3.0+7 more
Timeline
PublishedMay 6
Latest updateFeb 3

Description

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages10 packages

Ubuntunetdata/netdata< 1.44.3-2ubuntu0.1+3

🔴Vulnerability Details

3
OSV
netdata vulnerabilities2025-02-03
GHSA
GHSA-7wfw-7p9h-4j2c: A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v22024-05-06
OSV
CVE-2024-34250: A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v22024-05-06

📋Vendor Advisories

2
Ubuntu
Netdata vulnerabilities2025-02-03
Microsoft
A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" f2024-05-14
CVE-2024-34250 — Heap-based Buffer Overflow | cvebase