PT-2022-19331 · Wasm3 · Wasm3
Zu1Ko
·
Published
2022-04-16
·
Updated
2022-04-26
·
CVE-2022-28966
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Wasm3 version 0.5.0
Description
The issue is a heap-based buffer overflow in the
NewCodePage function in m3 code.c, which is called indirectly from the Compile BranchTable function in m3 compile.c.Recommendations
For Wasm3 version 0.5.0, consider disabling the
NewCodePage function or restricting access to the Compile BranchTable function in m3 compile.c until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wasm3