CVE-2019-7152

Name of the Vulnerable Software and Affected Versions Binaryen version 1.38.22

Description A heap-based buffer over-read issue was found in the wasm::WasmBinaryBuilder::processFunctions() function, specifically when calling wasm::WasmBinaryBuilder::getFunctionIndexName. This can be triggered by a crafted input, leading to segmentation faults and resulting in denial-of-service, as shown by the wasm-opt tool.

Recommendations For Binaryen version 1.38.22, consider avoiding the use of the wasm::WasmBinaryBuilder::processFunctions() function until a patch is available. As a temporary workaround, restrict the input to wasm-opt to prevent crafted inputs from causing segmentation faults. At the moment, there is no information about a newer version that contains a fix for this vulnerability.