Webassembly

Products by Webassembly Sorted by Most Security Vulnerabilities since 2018

Webassembly Binaryen: 10 vulnerabilities

Webassembly Wabt: 4 vulnerabilities

Webassembly: 4 vulnerabilities

Webassembly Binary Toolkit: 4 vulnerabilities

Webassembly Wasm: 1 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in Webassembly. Last year Webassembly had 10 security vulnerabilities published. Right now, Webassembly is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 10 6.13
2022 10 6.05
2021 2 6.50
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Webassembly vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Webassembly Security Vulnerabilities

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in DataSegment::IsValidRange()

CVE-2023-46331 5.5 - Medium - October 23, 2023

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in DataSegment::IsValidRange(), which leads to a segmentation fault.

Out-of-bounds Read

WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop()

CVE-2023-46332 5.5 - Medium - October 23, 2023

WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which leads to a segmentation fault.

Memory Corruption

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26

CVE-2020-18378 6.5 - Medium - August 22, 2023

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

NULL Pointer Dereference

Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26

CVE-2020-18382 6.5 - Medium - August 22, 2023

Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.

Memory Corruption

WebAssembly wat2wasm v1.0.32

CVE-2023-31669 5.5 - Medium - May 23, 2023

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").

Output Sanitization

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32

CVE-2023-31670 7.5 - High - May 23, 2023

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.

WebAssembly v1.0.29 was discovered to contain a segmentation fault

CVE-2023-27115 5.5 - Medium - March 10, 2023

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.

WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType.

CVE-2023-27116 5.5 - Medium - March 10, 2023

WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType.

WebAssembly v1.0.29 was discovered to contain a heap overflow

CVE-2023-27117 7.8 - High - March 10, 2023

WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator.

Memory Corruption

WebAssembly v1.0.29 was discovered to contain a segmentation fault

CVE-2023-27119 5.5 - Medium - March 10, 2023

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read

CVE-2022-43280 7.1 - High - October 28, 2022

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.

Out-of-bounds Read

wasm-interp v1.0.29 was discovered to contain a heap overflow

CVE-2022-43281 7.8 - High - October 28, 2022

wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h.

Memory Corruption

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read

CVE-2022-43282 7.1 - High - October 28, 2022

wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.

Out-of-bounds Read

wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.

CVE-2022-43283 5.5 - Medium - October 28, 2022

wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.

Unrestricted File Upload

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.

CVE-2021-46052 5.5 - Medium - January 10, 2022

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.

assertion failure

A Denial of Service vulnerability exists in Binaryen 103

CVE-2021-46053 5.5 - Medium - January 10, 2022

A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.

Buffer Overflow

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

CVE-2021-46054 5.5 - Medium - January 10, 2022

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

assertion failure

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

CVE-2021-46055 5.5 - Medium - January 10, 2022

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

assertion failure

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.

CVE-2021-46048 5.5 - Medium - January 10, 2022

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.

assertion failure

A Stack Overflow vulnerability exists in Binaryen 103

CVE-2021-46050 5.5 - Medium - January 10, 2022

A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.

Allocation of Resources Without Limits or Throttling

A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.

CVE-2021-45293 5.5 - Medium - December 21, 2021

A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.

Buffer Overflow

A Denial of Service vulnerability exists in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.

CVE-2021-45290 7.5 - High - December 21, 2021

A Denial of Service vulnerability exists in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.

assertion failure

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).