CVE-2024-35418

Name of the Vulnerable Software and Affected Versions wac version 385e1

Description A heap overflow issue was discovered in the setup call function at /wac-asan/wa.c, allowing attackers to cause a Denial of Service (DoS) via a crafted wasm file. The issue is related to the setup call function.

Recommendations For version 385e1, consider disabling the setup call function as a temporary workaround until a patch is available. Restrict access to the /wac-asan/wa.c file to minimize the risk of exploitation. Avoid using crafted wasm files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.