Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
References
| Link | Resource |
|---|---|
| https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0 | Patch |
| https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586 | Exploit Issue Tracking Patch Vendor Advisory |
| https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590 | Patch |
Configurations
History
08 Jan 2024, 19:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
| References | () https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590 - Patch | |
| References | () https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0 - Patch | |
| CPE | cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| First Time |
Bytecodealliance
Bytecodealliance webassembly Micro Runtime |
|
| CWE | CWE-415 |
31 Dec 2023, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-31 06:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-52284
Mitre link : CVE-2023-52284
CVE.ORG link : CVE-2023-52284
JSON object : View
Products Affected
bytecodealliance
- webassembly_micro_runtime
CWE
CWE-415
Double Free