PT-2023-23409 · Unknown+1 · Webassembly Wat2Wasm+1

Khagankhan

·

Publicado

2023-05-23

·

Atualizado

2025-01-31

·

CVE-2023-31669

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions WebAssembly wat2wasm version 1.0.32
Description The issue allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote ("").
Recommendations For version 1.0.32, avoid using the '@' symbol before a quote (") in the input to prevent the crash. As a temporary workaround, consider validating the input to ensure it does not contain the '@' symbol before a quote until a patch is available.

Exploit

Correção

Improper Encoding or Escaping of Output

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-116

Identificadores relacionados

CVE-2023-31669

Produtos afetados

Debian
Webassembly Wat2Wasm