CVE-2019-7154

Name of the Vulnerable Software and Affected Versions Binaryen version 1.38.22

Description The issue arises from a heap-based buffer overflow in the main function of tools/wasm2js.cpp due to the misuse of Emscripten. This triggers an error in the cashew::JSPrinter::printAst() function, located in emscripten-optimizer/simple ast.h. A crafted input can cause segmentation faults, leading to denial-of-service.

Recommendations For Binaryen version 1.38.22, consider restricting the use of the wasm2js tool until a patch is available to prevent potential denial-of-service attacks. As a temporary workaround, avoid using crafted inputs that could trigger the heap-based buffer overflow in the tools/wasm2js.cpp file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.