CVE-2024-28123

Опубликовано: 21 мар. 2024

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

EPSS Низкий

Описание

Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.

Ссылки

https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f
Patch
https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1
Release Notes
https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq
Vendor Advisory
https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f
Patch
https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1
Release Notes
https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wasmi-labs:wasmi:*:*:*:*:*:rust:*:*

Версия от 0.15.0 (включая) до 0.31.1 (исключая)

EPSS

Процентиль: 54%

0.00312

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-75jp-vq8x-h4cq

CVSS3: 7.3

github

почти 2 года назад

Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters

EPSS

Процентиль: 54%

0.00312

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-787