CVE-2018-17293

Name of the Vulnerable Software and Affected Versions WAVM versions prior to 2018-09-16

Description An issue in the run function in Programs/wavm/wavm.cpp allows attackers to cause a denial of service or possibly have other impacts by crafting certain WebAssembly files. This occurs because the function does not check whether there is Emscripten memory to store command-line arguments passed by the input WebAssembly file's main function, leading to a potential NULL pointer dereference.

Recommendations For versions prior to 2018-09-16, update to a version released after 2018-09-16 to resolve the issue. As a temporary workaround, consider restricting the execution of untrusted WebAssembly files to minimize the risk of exploitation.