An issue exists in WAVM prior to 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing malicious users to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webassembly virtual machine project webassembly virtual machine |