CVE-2019-7153

Name of the Vulnerable Software and Affected Versions Binaryen version 1.38.22

Description A NULL pointer dereference issue was found in the wasm::WasmBinaryBuilder::processFunctions() function, specifically when calling wasm::WasmBinaryBuilder::getFunctionIndexName. This can be triggered by a crafted input, resulting in segmentation faults and leading to denial-of-service. An example of this issue is demonstrated by wasm-opt.

Recommendations For Binaryen version 1.38.22, consider avoiding the use of wasm::WasmBinaryBuilder::processFunctions() until a patch is available. As a temporary workaround, restrict the input to wasm-opt to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.